Discussion paper

DP13324 Some Principles for Regulating Cyber Risk

We explain why cyber risk differs from other operational risks in the financial sector. The form of cyber shocks differs because of their intent, probability of success, possibility of a hidden phase and evolving form of the risks. The impact differs because problems can spread quickly and because uncertainty over the possibility of a hidden phase can impact responses. We explain why private incentives to attend to these risks may differ from societies’ preferences and develop six (micro- and macroprudential) regulatory principles to deal with cyber risk.

£6.00
Citation

Kashyap, A and A Wetherilt (2018), ‘DP13324 Some Principles for Regulating Cyber Risk‘, CEPR Discussion Paper No. 13324. CEPR Press, Paris & London. https://cepr.org/publications/dp13324

Regulation cogs
VoxEU Column

Financial stability and macroprudential regulation under diagnostic expectations

    ![](../../../../../../../../../../var/folders/34/zq18d8kx7kbgby0j06p_j6t40000gn/T/TemporaryItems/NSIRD_screencaptureui_EM2XPo/Screenshot 2022-01-04 at 17.01.16.png)
  • Financial Regulation and Banking
    • ![](../../../../../../../../../../var/folders/34/zq18d8kx7kbgby0j06p_j6t40000gn/T/TemporaryItems/NSIRD_screencaptureui_EM2XPo/Screenshot 2022-01-04 at 17.01.16.png)
  • Macroeconomic policy