28/9/19: Evidence of Systemic Risk from Major Cybersecurity Breaches

In our post for Columbia Law School's CLS Blue Sky Blog, myself and Shaen Corbet explain in non-technical terms our ground-breaking findings on systemic nature of cybersecurity risks in financial markets:

• LexBlog link: https://www.lexblog.com/2019/09/26/evidence-of-systemic-risk-from-major-cybersecurity-breaches/
• CLS link: http://clsbluesky.law.columbia.edu/2019/09/27/evidence-of-systemic-risk-from-major-cybersecurity-breaches/
• Original working paper: https://papers.ssrn.com/sol3/papers.cfm?abstract_id=3033950
• Published paper: https://www.sciencedirect.com/science/article/pii/S1057521919300274.

Our study is the first in the literature showing evidence of systemic contagion from cyber attacks on one company to other companies and stock exchanges.

Based on these findings, we have a chapter forthcoming in an academic volume on the future of regulation, proposing a novel mechanism for regulatory detection, monitoring and enforcement of cybersecurity risks. We will post this chapter when it goes to print, so stay tuned.

20/9/19: New paper: Systematic risk contagion from cyber events

Our new paper, "What the hack: Systematic risk contagion from cyber events" is now available at International Review of Financial Analysis in pre-print version here: https://www.sciencedirect.com/science/article/pii/S1057521919300274.

Highlights include:

• We examine the impact of cybercrime and hacking events on equity market volatility across publicly traded corporations.
• The volatility generated due to cybercrime events is shown to be dependent on the number of clients exposed.
• Significantly large volatility effects are presented for companies who find themselves exposed to hacking events.
• Corporations with large data breaches are punished substantially in the form of stock market volatility and significantly reduced abnormal stock returns.
• Companies with lower levels of market capitalisation are found to be most susceptible to share price reductions.
• Minor data breaches appear to be relatively unpunished by the stock market.

25/5/18: The Wondrous World of Cryptos Fraud: Profitable and Growing

One of the key promises of cryptocurrencies to their 'users'/'investors'/'gamblers' has been that of security of data stored on cryptos-backed blockchains and crypto 'assets' held by their owners. Yet, scandal after scandal, the myth has been deflated by the news flows, with security breaches, theft and fraud hitting the cryptos markets with frequency and impact not seen in traditional investment venues and asset classes.

Research by the Anti-Phishing Working Group released on Thursday shows that criminal activities have resulted in a theft of some $1.2 billion in cryptocurrencies since the beginning of 2017  (https://www.reuters.com/article/us-crypto-currency-crime/about-1-2-billion-in-cryptocurrency-stolen-since-2017-cybercrime-group-idUSKCN1IP2LU). Which is a significant number, but most likely an under-estimate to the true extent of theft and excludes fraud, especially fraud relating to the notorious ICOs.

In January-April 2018, ICOs raised some $6.6 billion, marking a 65% increase on 4Q 2017 ($3.9 billion in ICOs funding). Based on WSJ report that surveyed 1,450 ICOs, roughly 20 percent of the new offers raise major red flags for scams, including “plagiarized investor documents, promises of guaranteed returns and missing or fake executive teams”. Again, this is just a part of an iceberg. Ca half of all ICOs projects had no actual service or product offer behind them. In other words, investors in more than half of all ICOs were backing nothing more than a technological white paper, absent even a rudimentary business plan.

While there have been a lot of discussion in recent months about the potential Ponzi-game nature of the cryptos markets, irrespective of where you stand on the issue, there are two questions every investor must ask before dipping into the cryptos waters:

1. Do I, as an investor, really comprehend the risks, uncertainties, complexities, and ambiguities imbedded in product offers I am considering investing in? and
2. Do I, as an investor, have meaningful avenues for monitoring, hedging and/or ameliorating the above risks, uncertainties, complexities, and ambiguities imbedded in product offers I am considering investing in?

Now, without any sense of irony, when it comes to cryptos and ICOs, for any, even the most-informed and seasoned investor, the answers to (1) and (2) are 'No'. Which means that cryptos and ICOs are not a form of investment, but a form of speculative gambling. Nothing wrong with playing some chips at an unregulated casino, of course. Feel free to do so at own risk.

Update: A new research report (https://cointelegraph.com/news/ethereum-classic-51-attack-would-cost-just-55-mln-result-in-1-bln-profit-research) estimates that "it could take just $55 mln to hack a major cryptocurrency network for $1bln profit", providing yet more evidence that a "successful 51% attacks to control hashpower" previously deemed "too expensive and would result in making the attacked currency worthless" is no longer 'too expensive' and can deliver signifcantly higher profit margins than mining. So much for 'secure decentralized un-hackable' assets, thus.

28/11/17: Hacking the market: Systemic contagion from cybersecurity breaches

Our article for LSE Business Review is now live on the site: http://blogs.lse.ac.uk/businessreview/2017/11/28/hacking-the-market-systemic-contagion-from-cybersecurity-breaches/.

You can read (free) our paper, on which this article is based, in full here: Corbet, Shaen and Gurdgiev, Constantin, What the Hack: Systematic Risk Contagion from Cyber Events (September 7, 2017). Available at SSRN: https://ssrn.com/abstract=3033950.

Enjoy.

9/4/17: JTCI Article on Cybercrime & Financial Markets Contagion

Our paper on cybersecurity risks spillovers across financial markets was published in the JTCI: http://www.terrorismcyberinsurance.com/. You can access full paper here: https://papers.ssrn.com/sol3/papers.cfm?abstract_id=2892842.

24/2/17: Cybersecurity Threats: Business Survey

An interesting insight via https://www.bloomberg.com/politics/articles/2017-02-21/threat-of-cyber-attack-is-biggest-fear-for-businesses-survey on the rising importance of the cyber-security risks and changing business perceptions of the risk. Goes handily with our findings here: http://trueeconomics.blogspot.com/2017/01/23117-regulating-for-cybercrime-hacking.html.

21/2/17: The Future of Finance

Last week I was speaking at a forum on Open Societies in Panama City. My speech covered the key threats and transformational changes in the global financial services. Here are my annotated slides:

2/2/17: FactSet on Five 'Notable' 2016 Corporate Data Breaches

In our recent working paper on the systemic effects of cyber risks expressed via financial markets, we have shown the first empirical evidence of systemic (cross exchanges and cross companies) contagion from cyber risks to share prices of the world’s largest corporates, starting with 2014. You can read the full paper here: http://trueeconomics.blogspot.com/2017/01/23117-regulating-for-cybercrime-hacking.html.

Some new evidence on the effects of cyber crime on corporate performance is now also presented in a recent FactSet analysis here.

In this article, FactSet look at the corporate performance effects arising from five “notable” 2016 data breaches, specifically focusing on the stock performance. The methodology in this analysis, unfortunately, is weak and does not lend itself to establishing any specific hypotheses, including those claimed.

Still, an interesting collection of factoids and illustrations of the shorter term impacts (or lags in such).

23/1/17: Regulating for Cybersecurity: A Hacking-Based Mechanism

Our second paper on systemic nature (and regulatory response to) cyber security risks is now available in a working paper format here: Corbet, Shaen and Gurdgiev, Constantin, Regulatory Cybercrime: A Hacking-Based Mechanism to Regulate and Supervise Corporate Cyber Governance? (January 23, 2017): https://papers.ssrn.com/sol3/papers.cfm?abstract_id=2904749.

Abstract: This paper examines the impact of cybercrime and hacking events on equity market volatility across publicly traded corporations. The volatility influence of these cybercrime events is shown to be dependent on the number of clients exposed across all sectors and the type of the cyber security breach event, with significantly large volatility effects presented for companies who find themselves exposed to cybercrime in the form of hacking. Evidence is presented to suggest that corporations with large data breaches are punished substantially in the form of stock market volatility and significantly reduced abnormal stock returns. Companies with lower levels of market capitalisation are found to be most susceptible. In an environment where corporate data protection should be paramount, minor breaches appear to be relatively unpunished by the stock market. We also show that there is a growing importance in the contagion channel from cyber security breaches to markets volatility. Overall, our results support the proposition that acting in a controlled capacity from within a ring-fenced incentives system, hackers may in fact provide the appropriate mechanism for discovery and deterrence of weak corporate cyber security practices. This mechanism can help alleviate the systemic weaknesses in the existent mechanisms for cyber security oversight and enforcement.

2/1/16: Financial digital disruptors and cyber-security risks

My and Shaen Corbet's new paper titled Financial digital disruptors and cyber-security risks: paired and systemic (January 2, 2017), forthcoming in Journal of Terrorism & Cyber Insurance, Volume 1 Issue 2, 2017 is now available at SSRN: https://papers.ssrn.com/sol3/papers.cfm?abstract_id=2892842.

Abstract:
The scale and intensity of digital financial criminality has become more apparent and audacious over the past fifteen years. To counteract this escalating threat, financial technology (FinTech) and monetary and financial institutions (MFI) have attempted to upgrade their internal technological infrastructures to mitigate the risk of a catastrophic technological collapse. However, these attempts have been hampered through the financial stresses generated from the recent international banking crises. Significant contagion channels in the aftermath of cybercriminal events have also been recently uncovered, indicating that a single major event may generate sectoral and industry-wide volatility spillovers. As the skillset and variety of tactics used by cybercriminals develops further in an environment of stagnating and underfunded defensive technological structures, the probability of a devastating hacking event increases, along with the necessity for regulatory intervention. This paper explores and discusses the range of threats and consequences emanating from financial digital disruptors through cybercrime and potential avenues that may be utilised to counteract such risk.