Cyber risk stress testing

Challenges

The disruptive character of cyber risk makes it hard to measure

Cyber risk commonly refers to any risk of financial loss, disruption or damage to the reputation of an organization resulting from the failure of its IT systems. Cyber attacks appear in diverse manner ranging from DDoS attacks to sophisticated ransomware. Today, the cyber crime "industry" is mainly monetary driven and well organized. Recent examples of attacks at Equifax, JP Morgan or DKB show that financial institutions are increasingly affected. Although number of incidents are increasing, the relative financial impact is still moderate—cyber is a tail-risk which is heavily underestimated today.

Solutions

Cyber risk stress testing to identify vulnerabilities and quantify financial impact

Parametric and ex-post-oriented approaches like Value at Risk are not capable of capturing the disruptive and extreme character of cyber risk. Therefore, we recommend to invest in a cyber stress testing tool-box. In close cooperation of risk experts and IT ops / security teams, stress scenarios can be designed a parametrized to cover the "unknown unknowns" which make cyber risk so malicious.

Benefits

An interactive simulation model in a flexible and modular environment

  • Scenario-based model covering specific risk-drivers and parameters of different cyber attack types (e.g. data breach, botnets, DDoS)
  • Multi-period dynamic model capturing timely development of cyber attacks
  • Consistent modelling of financial impact in terms of sales, costs and equity value
  • Modular and flexible modelling environment
  • Cloud-based and interactive reporting