Some Principles for Regulating Cyber Risk
- (pp. 482-87)
Abstract
We explain why cyber risk differs from other operational risks in the financial sector. The form of cyber shocks differs because of their intent, probability of success, possibility of a hidden phase, and evolving form of the risks. The impact differs because problems can spread quickly and because uncertainty over the possibility of a hidden phase can impact responses. We explain why private incentives to attend to these risks may differ from societies' preferences and develop six (micro- and macroprudential) regulatory principles to deal with cyber risk.Citation
Kashyap, Anil K., and Anne Wetherilt. 2019. "Some Principles for Regulating Cyber Risk." AEA Papers and Proceedings, 109: 482-87. DOI: 10.1257/pandp.20191058Additional Materials
JEL Classification
- G00 Financial Economics: General
- K24 Cyber Law
- L51 Economics of Regulation