Showing posts with label cyber risk. Show all posts
Showing posts with label cyber risk. Show all posts

Saturday, September 28, 2019

28/9/19: Evidence of Systemic Risk from Major Cybersecurity Breaches


In our post for Columbia Law School's CLS Blue Sky Blog, myself and Shaen Corbet explain in non-technical terms our ground-breaking findings on systemic nature of cybersecurity risks in financial markets:


Our study is the first in the literature showing evidence of systemic contagion from cyber attacks on one company to other companies and stock exchanges.

Based on these findings, we have a chapter forthcoming in an academic volume on the future of regulation, proposing a novel mechanism for regulatory detection, monitoring and enforcement of cybersecurity risks. We will post this chapter when it goes to print, so stay tuned.

Saturday, September 21, 2019

20/9/19: New paper: Systematic risk contagion from cyber events


Our new paper, "What the hack: Systematic risk contagion from cyber events" is now available at International Review of Financial Analysis in pre-print version here: https://www.sciencedirect.com/science/article/pii/S1057521919300274.

Highlights include:

  • We examine the impact of cybercrime and hacking events on equity market volatility across publicly traded corporations.
  • The volatility generated due to cybercrime events is shown to be dependent on the number of clients exposed.
  • Significantly large volatility effects are presented for companies who find themselves exposed to hacking events.
  • Corporations with large data breaches are punished substantially in the form of stock market volatility and significantly reduced abnormal stock returns.
  • Companies with lower levels of market capitalisation are found to be most susceptible to share price reductions.
  • Minor data breaches appear to be relatively unpunished by the stock market.

Tuesday, November 28, 2017

28/11/17: Hacking the market: Systemic contagion from cybersecurity breaches


Our article for LSE Business Review is now live on the site: http://blogs.lse.ac.uk/businessreview/2017/11/28/hacking-the-market-systemic-contagion-from-cybersecurity-breaches/.

You can read (free) our paper, on which this article is based, in full here: Corbet, Shaen and Gurdgiev, Constantin, What the Hack: Systematic Risk Contagion from Cyber Events (September 7, 2017). Available at SSRN: https://ssrn.com/abstract=3033950.

Enjoy.

Sunday, June 11, 2017

10/6/17: Visualizing Cyber Security Attacks


Here is a brilliant visualization of data breaches over time and by size: http://www.visualcapitalist.com/worlds-biggest-data-breaches/.


As the chart above clearly shows, the number of reporter/disclosed attacks has exploded, staring with 2014, and the volume of attacks (data files impacted) has blown out starting 2010 (note: Yahoo attacks were severely lagged in reporting). In part, the two factors are down to changes in reporting and disclosure rules, and in part they are down to changes in reporting practices. But, as we observe econometrically in our recent papers on the subject: https://papers.ssrn.com/sol3/papers.cfm?abstract_id=2892842 and https://papers.ssrn.com/sol3/papers.cfm?abstract_id=2904749, the pattern on frequency, severity and impact of attacks, as well as their typology, are richer than the chart above provides.

Starting with 2010s, the typology of cyber security risks and attacks has been shifting from malicious and accidental losses of hardware and accidental disclosures of data to malware-based hacks, direct hacks, and illegal disclosures. The distribution of attacks has been changing since 2014, with smaller and larger, state and private sector players being hit with higher frequency, as opposed to the 2000s-early 2010s when we had more concentrated distribution of attacks. And, crucially, the impact of the attacks is also changing: starting with 2014, we are witnessing systemic shocks contagion propagating from individual attack targets to their exchanges and even to other exchanges.