A new IMF-MAS paper presents data sources and methods that can be used to analyse and assess cyber risk, illustrated with applications to Singapore.
The IMF (International Monetary Fund) and MAS (Monetary Authority of Singapore) have jointly issued a new working paper offering a range of analytical approaches to assess and monitor cyber risk in the financial sector.
Singapore is used as a case study to illustrate the techniques described, because of its developed economy and financial system, rapid adoption of fintech, and its “significant commitment” to building capabilities in cybersecurity.
The paper highlights limited data availability as a key challenge to assessing and monitoring cyber risk. The few datasets that are publicly available tend to only provide a short time series for analysis, it says. Meanwhile, financial institutions are reluctant to disclose cybersecurity incidents except where regulations require it, and reporting is generally not standardised, making it difficult to estimate losses.
Despite these challenges, the paper finds that some data and methods are readily available to analyse cyber risk. In particular, it highlights the use of traditional…