Cyber Risk Management in Banks

Author(s):  
İsmail Yıldırım

Security vulnerabilities in cyber security systems lead to virtual and physical damage to financial systems, which in turn causes national- and individual-level security issues. Today's world is being shaped by digital technology, and cyber threats to information constitute a significant risk factor for businesses. This study explores the cyber security risks the banking system may encounter. The status of the banking system in Turkey, a system which includes a number of online services, with respect to cyber security risks and the current risks are assessed and presented along with possible solutions. This study analyzes e-payment systems (online banking and e-trade/the use of debit/credit cards) and the supply chain, the backbone of the e-finance system, with respect to national cyber security risks. In addition, cyber risk insurance, an emerging tool for cyber risk management, was analyzed in detail.

2021 ◽  
Vol 2 (1) ◽  
pp. 78-87
Author(s):  
Tamás Palicz ◽  
Balázs Bencsik ◽  
Miklós Szócska

Abstract. The COVID-19 pandemic posed new challenges in the field of information security. The various forms of remote work significantly increased the security risk of the online space. The size of networks, the volume of data traffic, and the number of users with no meaningful experience in the online space all grew. During the epidemic, attacks from cyberspace varied in intensity by sector and by period, and the types of attack covered a wide spectrum, from phishing through malware to the spreading of information disorder. Many phenomena also had national security implications. In our review article, we summarize the international and domestic experiences of the above phenomena, paying special attention to the healthcare system and to the threats to vaccine development coming from cyberspace. Summary. During the COVID-19 pandemic, new challenges emerged in the field of information security and cyber security. Home office, home schooling and distance learning, or even telemedicine hit some organizations unprepared. Security risks in online space have increased significantly: the number of network endpoints and the number of computers, laptops and mobile devices have increased with network data traffic as well as the number of users who had no significant experience in online space. They appeared as a significant risk factor. This has been exacerbated, especially in healthcare, by the extremely high workload, which has made systems highly vulnerable. During the epidemic, attacks from cyberspace varied in intensity from sector to sector and period to period. Statistics from international and national organizations have shown that from the end of the first quarter of 2020, the number of cyber security incidents jumped sharply and then remained high even after a small decline. The types of attacks had an extremely wide range: from phishing through malware to misinformation, almost all types of attacks occurred.
Many phenomena also had national security implications. Ransomware virus attacks on health have affected almost all health systems and reached high levels by the end of 2020 in particular. It was during the first period that, in an emergency case, there is thought to be an association between a ransomware virus attack and the death of a patient who was not admitted because of the attack. In addition to distance measures and the associated increase in cyber threats, the emerging threats related to vaccination, which is central to the fight against the epidemic, should also be highlighted. This period has shed light on how many vulnerabilities there are, from vaccine development through drug trials to delivery to vaccines and the organization of vaccines, that cybercriminals are able to attack. In order to prevent and combat these threats and attacks, and to respond appropriately, complex, multidisciplinary collaborations are needed in which security science has a privileged place. In our review article, we summarize the international and national experiences of the above phenomena, paying special attention to the health care system and the threats coming from cyberspace in vaccine development.


2021 ◽  
Vol ahead-of-print (ahead-of-print) ◽  
Author(s):  
Felicitas Hoppe ◽  
Nadine Gatzert ◽  
Petra Gruner

Purpose. This article aims to gain insights on the current state of small- and medium-sized enterprises’ (SMEs’) cyber risk management process and to derive future research directions. Design/methodology/approach. This is done by collecting market insights from 37 recent industry surveys and structuring them based on the steps of the risk management process. From this analysis, major challenges are derived and future fields of research identified. Findings. The results indicate that deficiencies in risk culture as well as the strained market for IT experts are the major obstacles with respect to the implementation of cyber risk management in SMEs, and that these challenges are similar across countries. The findings suggest that especially the relationship between cyber security culture and cyber risk management should be investigated further, and that a stronger link between the research streams on enterprise risk management and cyber risk management would be desirable. Originality/value. This paper contributes to the literature by providing a systematic overview on the current state of SMEs' cyber risk management from a market perspective. The findings provide support for the existing academic literature by emphasizing the central role of cyber security culture (perception, knowledge, attitude) for a successful cyber risk management, which however should be addressed in more depth in future (empirical) research.


2014 ◽  
Vol 4 (1) ◽  
pp. 16-22 ◽  
Author(s):  
Christopher Bronk

Cyber security is an issue of foremost interest for policy makers in the world’s governments, corporations, NGOs, academic institutions, and other associations; however, a remedy for the myriad cyber threats and vulnerabilities continues to elude technologists and policy makers alike. In this paper, we consider the concept of cyber risk intelligence, a general concept of understanding the varied phenomena that impact an organization’s capacity to secure its digital communications and resources from eavesdropping, theft or attack. We also consider the deeper economics of information held and transmitted in digital form and how those economics may alter thinking on modeling of risk. Finally, we offer guidance on how organizations and entire sectors of business activity may want to alter their thinking on cyber security issues beyond a technological framing to an informational one aligned with business activities.


2019 ◽  
Vol ahead-of-print (ahead-of-print) ◽  
Author(s):  
Filip Caron

Purpose. The purpose of this paper is to highlight the potential of cyber-testing techniques in assessing the effectiveness of cyber-security controls and obtaining audit evidence. Design/methodology/approach. The paper starts with an identification of the applicable cyber-testing techniques and evaluates their applicability to generally accepted assurance schemes and cyber-security guidelines. Findings. Cyber-testing techniques are providing insight in the effectiveness of the actual implementation of cyber-security controls, which may significantly deviate from the conceptual designs of these controls. Furthermore, cyber-testing techniques could provide concise input for cyber-risk management and improvement recommendations. Originality/value. The presented cyber-testing techniques could complement traditional process-oriented assurance techniques with specialized technical analyses of real-world implementations that focus on the adversaries’ viewpoint.


2021 ◽  
Vol 22 (3) ◽  
pp. 133-141
Author(s):  
Katarzyna Kucia

Risk management is one of the most important areas in modern business management. Risk is an integral part of the functioning of all economic entities, including enterprises. At a time of intense development of information technology, cybersecurity can be considered an important determinant of risk, which has a significant impact on all activities undertaken by the company. In the COVID-19 emergency, most organizations were forced to move some areas of their operations into cyberspace, increasing their exposure to cybersecurity risks. The purpose of this article is to identify methods and techniques to protect against the negative consequences of cyber security risks in Polish companies in the era of COVID-19 epidemic threat.


2021 ◽  
pp. 19-27
Author(s):  
Nazar Demchyshak ◽  
Anastasiia Shkyria

Purpose. The aim of the article is substantiation of approaches of domestic and foreign scientists to risk management in the financial sector of Ukraine in the context of cyber threats and the need to ensure national security and post-pandemic economic recovery. Methodology of research. General scientific and special methods of scientific research are used in the article, in particular: induction, deduction, scientific abstraction - to reveal the essence of the concepts of "cyber threat", "cyber security" and "digitalization"; statistical and graphical methods - to assess the current situation in the field of cyber defence in the world and the national cyber security index; methods of analysis and synthesis - in substantiating the conclusions of the research. Finding. Definitions of cyber risk, approaches to its interpretation and classification were considered. The importance of cyber security in the digitalization of the national economy was argued. The Strategy of Ukrainian Financial Sector Development until 2025 is analysed. The world statistics of frequency and losses due to cyber-attacks are studied and the cyber threats that caused the greatest losses in Ukraine are identified. The analysis of Ukraine’s positions in the National Cyber Security Index 2020 is carried out. The directions of cyber threat prevention that can be useful for Ukrainian companies are substantiated. Originality. The author’s definition of the term "cyber risk" is proposed, in which special attention is focused on the effects of cyber threats. The importance of cyber risk management in the conditions of inevitability of digitalization in the financial sector of Ukraine is substantiated. Approaches to the prevention of cyber-attacks, the implementation of which is necessary for the successful digital transformation of Ukraine, are proposed. Practical value.
The results of the research will contribute to the formation of an effective risk management system in the financial sector of Ukraine in terms of digitalization of the financial space and post-pandemic recovery of the national economy. Key words: national security, cyber risk, cyber threat, cyber defence, digitalization, post-pandemic recovery, fintech.


Author(s):  
Julija Gavėnaitė-Sirvydienė ◽  
Algita Miečinskienė

Purpose – due to the constant increase of cyber-attacks, not only are measures for identifying and controlling cyber risks created, but methods of estimating the possible financial costs of cyber-attacks should also be developed to increase business preparedness. The purpose of this research is to forecast potential costs of cyber-attacks in Baltic countries. Research methodology – to achieve the aim of the article and prepare a prognosis of possible cyber-attack costs, the Estimation the Global Costs of Cyber Risk Calculator V 1.2 tool was used. Findings – estimated costs of cyber-attacks in Lithuania, Latvia and Estonia are highest in the public business and services sector and also in the defense sector. According to the conducted calculations, the costs of cyber-attacks in Lithuania will reach 1% of GDP of Lithuania by 2026. Research limitations – in this research the costs of cyber-attacks are estimated regarding industries of business but not excluding specific cyber threats. Therefore, for the future research possibilities could be the analyses of specific cyber risks and their impact to various business sectors. Practical implications – the results of the research may be useful in practical approach for preparing the risk management tools, evaluating possible damage and effect of cyber-attacks to business, also increasing preparedness level and business resilience. Originality/Value – this estimation model has not been used to evaluate and discuss cyber-risk costs in Lithuania in previous research, therefore the topic and conducted results are original and significantly relevant for further analyses of cyber security issues in Lithuania.


Author(s):  
Md. Bazlur Rahman ◽  
Tania Karim ◽  
Imtiaz Uddin Chowdhury

Cybercrime becomes costlier than physical crime in developed economies. As a result, it has become the top priority in governance issues in financial institutions. In Bangladesh, a developing nation, the banking sector faces multi-dimensional challenges in adopting IT applications in banking in the presence of cybercrime. The paper examines what cyber security risks the banking industry faces and how the board members contribute to identifying and mitigating the risk. Through in-depth interviews among the directors of commercial banks in Bangladesh, we identified the possible cyber risks and prepared the risk profile describing the sources, implications, severity of impact, likelihood of occurrence and ranked them. The result shows that the IT governance risk, IT investment risk, and information risk are most critical among the significant cyber security risks. The results of the study have important implications for both corporate boards and policymakers.


Author(s):  
Vincenzo Bove ◽  
Georgios Efthyvoulou ◽  
Harry Pickard

Abstract. This article contributes to the recent research on Brexit and public opinion formation by contending that the determinants of the referendum results should be evaluated against the background of wider public security concerns. The British public has long regarded terrorism as a top concern, more so than in any other European country. Terrorist attacks on UK soil raised voters' awareness of security issues and their saliency in the context of the EU referendum. The study finds that locations affected by terrorist violence in their proximity exhibit an increase in the share of pro-Remain votes, particularly those that experienced more sensational attacks. Using individual-level data, the results show that in the aftermath of terrorist attacks, citizens are more likely to reconsider the security risks involved in leaving the EU.


2018 ◽  
Vol 43 (02) ◽  
pp. 417-440 ◽  
Author(s):  
Shauhin A. Talesh

While data theft and cyber risk are major threats facing organizations, existing research suggests that most organizations do not have sufficient protection to prevent data breaches, deal with notification responsibilities, and comply with privacy laws. This article explores how insurance companies play a critical, yet unrecognized, role in assisting organizations in complying with privacy laws and dealing with cyber theft. My analysis draws from and contributes to two literatures on organizational compliance: new institutional organizational sociology studies of how organizations respond to legal regulation and sociolegal insurance scholars' research on how institutions govern through risk. Through participant observation at conferences, interviews, and content analysis of insurer manuals and risk management services, my study highlights how insurers act as compliance managers for organizations dealing with cyber security threats. Well beyond pooling and transferring risk, insurance companies offer cyber insurance and unique risk management services that influence the ways organizations comply with privacy laws.

