Cyber risk as a threat to financial stability

Abstract

Information systems play a critical role in the functioning of financial institutions. While supporting their services and enabling their strategies, underlying vulnerabilities could pose an important source of risk: cyber risk. This may impair financial institutions’ operational capabilities and even threaten their viability. Furthermore, the high level of interconnection and interdependence between the elements of the financial system allows for the contagion of cyber risk among them. Consequently, the materialization of cyber risk in its most extreme form could threaten the stability of the financial system. To address this topic, the article first introduces cyber incidents and their estimated costs, focusing on the financial system. Cyber risk is then considered, together with the main vulnerabilities and threats to cyber security affecting financial institutions. This is followed by a justification of the potential systemic effect of cyber risk on the financial system, supported by the use of theoretical models. Moreover, highlights of the current regulatory framework on cyber risk for financial institutions operating in Spain are also presented. Finally, recommended future lines of work for the improvement of the management of cyber risk in the financial system are discussed.