This website uses cookies.

By clicking the "Accept" button or continuing to browse our site, you agree to first-party and session-only cookies being stored on your device to enhance site navigation and analyze site performance and traffic. For more information on our use of cookies, please see our Privacy Policy.

  1. Home
  2. Journals
  3. AEA Papers and Proceedings
  4. May 2019
  5. Some Principles for Regulating Cyber Risk

Some Principles for Regulating Cyber Risk

Download Full Text PDF

Abstract

We explain why cyber risk differs from other operational risks in the financial sector. The form of cyber shocks differs because of their intent, probability of success, possibility of a hidden phase, and evolving form of the risks. The impact differs because problems can spread quickly and because uncertainty over the possibility of a hidden phase can impact responses. We explain why private incentives to attend to these risks may differ from societies' preferences and develop six (micro- and macroprudential) regulatory principles to deal with cyber risk.

Citation

Kashyap, Anil K., and Anne Wetherilt. 2019. "Some Principles for Regulating Cyber Risk." AEA Papers and Proceedings, 109: 482-87. DOI: 10.1257/pandp.20191058

Additional Materials

JEL Classification

  • G00 Financial Economics: General
  • K24 Cyber Law
  • L51 Economics of Regulation