Cyberattacks present a complex, advancing danger to the global financial system, with recent breaches exposing deep-rooted vulnerabilities. Given the rapid digitization of the financial sector and the proliferation of cyber threats, any cyber event with far-reaching consequences for economic and financial stability can pose a serious risk.

Beyond idle speculation, how can risk managers measure and manage these risks in a rigorous fashion? Before answering this question, it’s important to remember that cyber risks typically exist both within and outside of a financial institution, and therefore present unique challenges.

For example, a ransomware attack could lock a business out of its own systems, directly affecting its ability to operate. But the risks don’t end there. Customers could be the victims of identity theft (with fraudulent accounts opened in their names), and a lender in this situation must consider how to deal with a credit default resulting from a customer who has been cut off from his or her payment accounts.