Tamas Gaidosch, Frank Adelmann, Anastasiia Morozova, and Christopher Wilson
This paper highlights the emerging supervisory practices that contribute to
effective cybersecurity risk supervision, with an emphasis on how these practices
can be adopted by those agencies that are at an early stage of developing a
supervisory approach to strengthen cyber resilience. Financial sector supervisory
authorities the world over are working to establish and implement a framework
for cyber risk supervision. Cyber risk often stems from malicious intent, and a
successful cyber attack—unlike most other sources of risk—can shut down a
supervised firm immediately and lead to systemwide disruptions and failures.
The probability of attack has increased as financial systems have become more
reliant on information and communication technologies and as threats have
continued to evolve.