International Monetary Fund. Monetary and Capital Markets Department
The Norwegian financial system has a long history of incorporating new technology. Norway is at the forefront of digitization and has tight interdependencies within its financial system, making it particularly vulnerable to evolving cyber threats. Norway is increasingly a cashless society, with surveys and data collection suggesting that only 10 percent of point-of-sale and person-to-person transactions in 2019 were made using cash.1 Most payments made in Norway are digital (e.g., 475 card transactions per capita per annum)2 and there is an increase in new market entrants providing a broad range of services. Thus, good cybersecurity is a prerequisite for financial stability in Norway.
Joseph Goh, Mr. Heedon Kang, Zhi Xing Koh, Jin Way Lim, Cheng Wei Ng, Galen Sher, and Chris Yao
Cyber risk is an emerging source of systemic risk in the financial sector, and possibly a macro-critical risk too. It is therefore important to integrate it into financial sector surveillance. This paper offers a range of analytical approaches to assess and monitor cyber risk to the financial sector, including various approaches to stress testing. The paper illustrates these techniques by applying them to Singapore. As an advanced economy with a complex financial system and rapid adoption of fintech, Singapore serves as a good case study. We place our results in the context of recent cybersecurity developments in the public and private sectors, which can be a reference for surveillance work.
Emanuel Kopp, Lincoln Kaffenberger, and Christopher Wilson
Cyber-attacks on financial institutions and financial market infrastructures are becoming
more common and more sophisticated. Risk awareness has been increasing, firms actively
manage cyber risk and invest in cybersecurity, and to some extent transfer and pool their
risks through cyber liability insurance policies. This paper considers the properties of cyber
risk, discusses why the private market can fail to provide the socially optimal level of
cybersecurity, and explore how systemic cyber risk interacts with other financial stability
risks. Furthermore, this study examines the current regulatory frameworks and supervisory
approaches, and identifies information asymmetries and other inefficiencies that hamper the
detection and management of systemic cyber risk. The paper concludes discussing policy
measures that can increase the resilience of the financial system to systemic cyber risk.