Home > Research > Publications & Outputs > Could a cyber attack cause a systemic impact in...

Electronic data

  • Systemic risk - Author accepted

    Accepted author manuscript, 726 KB, PDF document

    Available under license: CC BY-ND: Creative Commons Attribution-NoDerivatives 4.0 International License

  • WarrenKaivantoPrince(2018)CouldaCyberAttackCauseaSystemicImpactintheFinancialSector

    Final published version, 1.06 MB, PDF document


View graph of relations

Could a cyber attack cause a systemic impact in the financial sector?

Research output: Contribution to Journal/MagazineJournal articlepeer-review

<mark>Journal publication date</mark>21/12/2018
<mark>Journal</mark>Bank of England Quarterly Bulletin
Issue number4
Number of pages11
Pages (from-to)1-11
Publication StatusPublished
<mark>Original language</mark>English


There is not a uniform view of the link between cyber risk and systemic risk: some assume a direct link whereas others query the connection. Beyond nation states, the vast majority of independent cyber attackers are currently unlikely to have the capability to systemically impact the financial sector. The financial sector has a large number of environmental features which are conducive to a systemic cyber compromise. There are no current examples of systemic cyber risk crystallising and impacting the real economy but this does not prove an absence of risk. We conclude there is a credible case to link cyber risk to systemic risk in the financial sector. Recommendations for future consideration include: further development of the intelligence-led approach to cyber security; policy responses that seek to cut through sectoral, geographical and public/private boundaries; organisations should accept that compromises are likely to happen and therefore prioritise response and recovery activities; undertake further studies to better understand the relationship between data integrity and authenticity, trust in financial services and the potential for real-economy impact via a cyber attack; a specific focus on risks associated with third-party dependencies.