What’s to be done about Cyber Risk to Financial Stability?

Experts at Columbia University’s School of International and Public Affairs (SIPA) have been engaged in the Project on Cyber Risk to Financial Stability (CRFS) since 2016. In addition to publishing some excellent working papers, such as “The Future of Financial Stability and Cyber Risk” and “The Ties That Bind: A Framework to Assess the Linkage Between Cyber Risks and Financial Stability,” the Project on CRFS has hosted a series of workshops with experts from the financial sector, the public sector, and academia to explore the issues.

A recent meeting in New York City convened a diverse group of authorities to discuss the impact of cyber risk on financial stability, public and private sector efforts to address the risks, and forward-looking prescriptions to addressing the problem. The dialogue yielded some themes:

1.     Common standards and expectations would close gaps in resiliency. Of great concern to financial systems is, of course, OT and the systemic risk of interdependencies and exposure to cascading effects. A common lexicon of terms and alignment of national and international standards would support risk mitigation by supporting discussion of key exposures and pre-emptive warnings. This would also enable effective regulatory frameworks. 

2.     In a world where cyber actions are often intentionally hostile and intentionally timed, a Public / Private partnership will be required to effectively prioritize issues. Agreement on top priorities will encourage commitment of resources in both sectors (all manner of research including the development tools and models).

3.     A collective of approaches from different sectors can provide solutions to the persistent data challenge. Development of models that can support trend analysis and benchmarking, and creation of policy incentives to data sharing will be foundational to more sophisticated risk management methods.

While the above captioned themes have been in the public discourse for some time now, the research and development of solutions and alignment amongst various sectors has increased.  Looming risks such as the “weaponization of data” will continue to erode trust. Ongoing dialogue and cooperation will be a meaningful bulwark against such a decline.