Systemic Cyber Risks and the Financial Sector

By Phil Reitinger

This morning I attended the launch of the report “Cyber and the City” from The City UK. One of the report’s recommendations is for the financial sector to “Work on systemic cyber risk reduction – information and best practice sharing, risk aggregation, and sector resilience[.]”

I agree and would add that systemic cyber risk is something all sectors need to work on, including working across sector boundaries.  The financial sector understands systemic risk the best of any but, even in that sector, systemic cyber risks are hard to define, understand, and quantify.  The other sectors generally have farther to go, but go, they must.  Reliance on network communications have created a vast set of dependencies on the network and interdependencies among network-connected businesses, regardless of sector or geography.  As the report indicates, cyber risks “are not bounded by circles on a map.”

The Global Cyber Alliance, in addition to tackling particular cyber risks such as phishing through implementation of solutions like DMARC and DNS RPZ, is also undertaking an effort to measure systemic cyber risk.  We are forming a Systemic Cyber Risk Measurement advisory committee to guide our efforts and will try different approaches by putting them into practice and iterating and improving what adds value.  We will see where the data takes us.

The City UK is right: “Getting to grips with how cyber risk accumulates in the financial system and wider economy will be a technical break-through of value to all firms whether banks, insurers or asset managers.”

The author, Phil Reitinger, is the President and CEO of the Global Cyber Alliance 

You can follow him on Twitter @CarpeDiemCyber