Tag Archives: cyber management

Interconnectedness of banking system at risk of cyberattack

The Federal Reserve Bank of New York’s Staff Report No. 909 explores how a cyberattack on several small or midsize banks could create an interbank funding failure. Such a failure would lead to a broader systemic liquidity crisis. Putting cybersecurity tools and policies in place at individual banks would not address the interconnectedness of the entire banking ecosystem. However, employing a thorough modeling approach that takes into account the potential points of cascading failures would help decision makers understand the interconnectedness of their risks, as Milliman’s Chris Harner, Chris Beck, and Blake Fleisher discuss in their article “Cyberattacks could cripple U.S. financial system.”

The Three R’s to understanding the complexities of cyber risk

Cyber is proving itself to be the ultimate enterprise risk, encompassing not only information technology, but also risks involving vendors, people, legal questions, and reputation, all while moving with stealth and a velocity that is extremely difficult to cope with.

What often flies under the radar is the risk posed to companies that are not the direct target of cyberattacks. Who could have predicted that an attack targeting Ukraine would simultaneously affect global shipping, a pharmaceutical company in the U.S., and a chocolate company in Australia? This type of risk event was unprecedented until the release of NotPetya in June 2017.

The attack on Maersk is an example of the law of unintended consequences when it comes to cyber. NotPetya’s impact on the shipping company illustrates the “Three R’s” of complex risks like cyber: robustness, resiliency, and redundancy.

In this article, Milliman’s Chris Harner, Chris Beck, and Blake Fleisher view Maersk’s experience and response to NotPetya through the lens of the Three R’s.