EconPapers    
Economics at your fingertips  

EconPapers Home
About EconPapers

Working Papers
Journal Articles
Books and Chapters
Software Components

Authors

JEL codes
New Economics Papers

Advanced Search


EconPapers FAQ
Archive maintainers FAQ
Cookies at EconPapers

Format for printing

The RePEc blog
The RePEc plagiarism page

 

Cyber incident cost estimates and the importance of building resilience

Rosie Collins, Cavan O’Connor-Close and Aria Zhang
Additional contact information
Aria Zhang: Reserve Bank of New Zealand, http://www.rbnz.govt.nz

Reserve Bank of New Zealand Bulletin, 2020, vol. 83. No.2, No 2, 17 pages

Abstract: Cyber resilience is the ability to withstand, contain, and rapidly recover from a cyber incident by anticipating and adapting to cyber threats and other relevant changes in the environment. With the development of digitalisation, the financial sector enjoys more opportunities to improve customer experience and drive efficiency. The flip side is an increasing exposure to cyber risk due to ever-evolving cyber threats, the contagion effects of cyber incidents, a shortage of cybersecurity professionals, and increasing outsourcing to third parties. These developments pose both ongoing and new challenges for firms as they must constantly invest in maintaining their desired level of cyber resilience. Cyber risk imposes costs upon the financial sector, not only for financial institutions but also for their customers and the financial system as a whole. These costs include both direct costs from financial loss and indirect costs such as reputational damage and the opportunity cost from foregoing more productive investment. A good understanding of these costs is important in order to raise general awareness and to inform decisions around the management of cyber risk. Estimating these costs, however, is not easy. The fast-evolving nature of cyberattacks, a lack of historical data and the difficulty of quantifying the adverse impact on customer confidence and financial stability all mean that robust and reliable cost estimates are difficult to establish. This article draws on two internationally recognised methods to shed more light on the potential cost that cyber risk poses to the banking and insurance sectors in New Zealand. The first method is a bottom-up approach that uses firm specific data from abroad which is then extrapolated to New Zealand. The second method uses top-down analysis, linking the cost of cyber incidents to GDP. Both methods rely on historical survey information, assumptions and expert judgment, and neither method takes into account extreme events that have a low probability but are still plausible, i.e. black swan events. There are also some definitional discrepancies to contend with.

Date: 2020
References: View references in EconPapers View complete reference list from CitEc
Citations: View citations in EconPapers (1)

Downloads: (external link)
https://www.rbnz.govt.nz/hub/-/media/project/sites ... 20/rbb2020-84-02.pdf

Related works:
This item may be available elsewhere in EconPapers: Search for items with the same title.

Export reference: BibTeX RIS (EndNote, ProCite, RefMan) HTML/Text

Persistent link: https://EconPapers.repec.org/RePEc:nzb:nzbbul:feb2020:2

Access Statistics for this article

More articles in Reserve Bank of New Zealand Bulletin from Reserve Bank of New Zealand Contact information at EDIRC.
Bibliographic data for series maintained by Reserve Bank of New Zealand Knowledge Centre ().

 
Share

RePEc
This site is part of RePEc and all the data displayed here is part of the RePEc data set.

Is your work missing from RePEc? Here is how to contribute.

Questions or problems? Check the EconPapers FAQ or send mail to .

Örebro UniversityEconPapers is hosted by the School of Business at Örebro University.

Page updated 2025-03-19
Handle: RePEc:nzb:nzbbul:feb2020:2