Cyber risk poses a major threat to financial stability, yet financial institutions still lack consensus on the definition and terminology around cyber risk, and lack a common framework for confronting these hazards. This impedes efforts to measure and manage such risk, diminishing institutions’ individual and collective readiness to handle system-level cyber threats. In this blog post, we describe the proceedings of a recent workshop, where leading risk managers, academics, and policy makers gathered to discuss proposals for countering cyber risk. This workshop is part of a joint two-phase initiative between the Federal Reserve Banks of Richmond and New York and the Fed’s Board of Governors to harmonize cyber risk identification, classification, and measurement practices.
The term “operational risk” often evokes images of catastrophic events like hurricanes and earthquakes. For financial institutions, however, operational risk has a broader scope, encompassing losses related to fraud, rogue trading, product misrepresentation, computer and system failures, and cyberattacks, among other things. In this blog post, we discuss how operational risk has come into greater focus over the past two decades—to the point that it now accounts for more than a quarter of financial institutions’ regulatory capital.