School of Social Sciences
Master in Business Administration (MBA)
Postgraduate Dissertation
Financial Cybersecurity Risk Management, Cybernomics and
Financial Repercussions of Cybersecurity Breaches. A Study of the
Impact on Share Prices and Overall Firm Value of Cyber-Attacked
Organizations
Aspasia Evripidou
Supervisor: Efstratios Livanis
Patras, Greece, June 2023
Theses / Dissertations remain the intellectual property of students (“authors/creators”), but in the context of
open access policy they grant to the HOU a non-exclusive license to use the right of reproduction,
customisation, public lending, presentation to an audience and digital dissemination thereof internationally, in
electronic form and by any means for teaching and research purposes, for no fee and throughout the duration
of intellectual property rights. Free access to the full text for studying and reading does not in any way mean
that the author/creator shall allocate his/her intellectual property rights, nor shall he/she allow the reproduction,
republication, copy, storage, sale, commercial use, transmission, distribution, publication, execution,
downloading, uploading, translating, modifying in any way, of any part or summary of the dissertation, without
the explicit prior written consent of the author/creator. Creators retain all their moral and property rights.
Supervising Committee
Supervisor: Efstratios Livanis, University of Macedonia
Co-Supervisor: Nikolaos Sykianakis, University of West Attica
Aspasia Evripidou, Financial Cybersecurity Risk Management,
Cybernomics and Financial Repercussions of Cybersecurity
Breaches. A Study of the Impact on Share Prices and Overall
Firm Value of Cyber-Attacked Organizations
Postgraduate Dissertation
This master's dissertation, as well as the entire MBA program, is dedicated to my son
Agisilaos, who has always been my motivation to never cease trying to become an even
better version of myself and to be a positive role model for him.
In addition, I would like to thank my parents, Themi and Angeliki, for their unwavering
support and my supervisor, Dr. Stratos Livanis, for the decisive reinforcement of my effort
and his valuable guidance towards a successful result.
Abstract
The world wide web has been incorporated in our lives for many years now, as an important
tool to make our professional and academic lives, but also our day-to-day living, easier,
more effective, more efficient and more productive. It is almost impossible for an individual
or an organization to be able to choose not to use any of the tools provided by the internet,
e.g., e-shops, e-banking, teleworking, teleconference, contemporary marketing, social
networking, video and music streaming, gaming, cloud back-up and countless more.
Nevertheless, it does not only come with blessings, but also with risks, whether minor,
moderate or major, that need to be addressed, mitigated and better yet, eliminated if possible.
This dissertation will try to identify the financial risks involved with possible cybersecurity
breaches, not only for financial institutions, but also for every organization implementing
cyber tools in its processes. The financial repercussions and possible ways to mitigate or
eliminate those risks will be analyzed. A presentation of actual data, regarding the
repercussions on share prices of organizations that have been cyber-attacked and a
calculation of how much the attack has influenced them financially, will be provided.
The conducted research will be supported by a literature review, in the theoretical part of
the dissertation, and by secondary research, in the part regarding the financial data of
cyber-attacked organizations.
Keywords
Cybernomics, Cybersecurity, Data Breaches, Financial Repercussions, Firm Value, Risk
Management, Security Breaches.
Financial Cybersecurity Risk Management, Cybernomics and Financial Repercussions
of Cybersecurity Breaches. A Study of the Impact on Share Prices and Overall
Firm Value of Cyber-Attacked Organizations.
Aspasia Evripidou
Summary
The world wide web has been integrated into our lives for many years now, as an important
tool for making our professional and academic lives, as well as our everyday life,
easier, more effective, more efficient and more productive.
It is almost impossible for an individual or an organization to be able to choose not to
use any of the tools provided by the internet, e.g.
online stores, electronic banking, teleworking, teleconferencing, modern
marketing, social networking, video and music streaming, gaming, cloud
backups and countless others. Nevertheless, it comes not only with blessings,
but also with risks, minor, moderate or major, which must be addressed,
mitigated and, better still, eliminated if possible.
This dissertation will attempt to identify the financial risks
associated with possible cybersecurity breaches, not only for
financial institutions, but also for every organization that applies cyber
tools in its processes. The financial repercussions and possible
ways of mitigating or eliminating these risks will be analyzed. Actual data will be
presented regarding the repercussions on the share prices of organizations
that have suffered a cyber-attack, and how much the attack affected them financially
will be calculated.
The research conducted will be supported by a literature review, in the theoretical
part of the dissertation, and by secondary research, in the part concerning the
financial data of organizations that suffered cyber-attacks.
Keywords
Risk Management, Firm Value, Cybersecurity, Cybernomics,
Security Breaches, Data Breaches, Financial Repercussions.
Table of Contents
Abstract
Summary (Περίληψη)
Table of Contents
List of Tables
List of Abbreviations & Acronyms
1. Introduction
1.1 Defining Cyberspace
1.2 Overview of Financial Transactions
1.3 The Interconnection of Cyberspace and Financial Transactions
1.4 Conclusion
2. Evolution of Financial Activities in Cyberspace and the Associated Risks
2.1 The Emergence of Financial Activities in Cyberspace
2.2 Growth and Proliferation
2.3 Cybersecurity and Financial Activities
2.4 Regulatory Perspectives on Cyber Threats
2.5 Current Trends and Future Risks
3. Evolution of Risk Management Science and its Scope
3.1 Traditional Risk Management Practices
3.2 Cyber Risk Management
3.3 Cybersecurity Measures and Tools
3.4 Building a Cyber-Aware Culture: An Essential Component of Risk Management
3.4.1 Role of Regular Training Programs
3.4.2 Simulated Phishing Exercises
3.4.3 Top-Down Cyber-Aware Leadership
3.4.4 Ongoing Effort
3.5 Future Scope of Risk Management Science
4. Cybernomics: Financial Cybersecurity Risk Management and the Financial Impact of Risks Associated with Cyber Activities
4.1 The Cyber Threat to Financial Institutions
4.2 The Cyber Threat to Financial Stability
4.3 The Regulatory Framework of the European Union for Cyber Risk
4.4 Cyber Risk Mitigation for Improved Economic Security
5. Research: Impact on Share Prices of Cyber-Attacked Organizations
5.1 Literature review of conducted research on the impact of cyber-attacks on an organization’s market value
5.2 Research methodology and data collection
5.3 Research results
6. Conclusions and Suggestions
References
List of Tables
Table 1. CARs per Cyber-Attacked Company and per Event Window
Table 2. Percentage of Negative CARs per Event Window
Table 3. p-values per Event Window
List of Abbreviations & Acronyms
AI: Artificial Intelligence
ATM: Automated Teller Machines
BCBS: Basel Committee on Banking Supervision
CAR: Capital Adequacy Ratio
DeFi: Decentralized Finance
CISO: Chief Information Security Officer
DLT: Distributed Ledger Technologies
DORA: Digital Operational Resilience Act
EBA: European Banking Authority
EFT: Electronic Funds Transfer
EIOPA: European Insurance and Occupational Pensions Authority
ESAs: European Supervisory Authorities
ESCG: Economic and Social Council of Greece
ESMA: European Securities and Markets Authority
ESRB: European Systemic Risk Board
EU: European Union
FAIR: Factor Analysis of Information Risk
FRBNY: Federal Reserve Bank of New York
FFIEC: Federal Financial Institutions Examination Council
FINRA: Financial Industry Regulatory Authority
FinTech: Financial Technologies
FS-ISAC: Financial Services Information Sharing and Analysis Center
FSB: Financial Stability Board
G-SIB: Global Systemically Important Bank
G7: Group of Seven
GDP: Gross Domestic Product
GDPR: General Data Protection Regulation
HFAA: Hellenic Finance and Accounting Association
ICOs: Initial Coin Offerings
ICT: Information and Communication Technologies
IDS: Intrusion Detection System
IT: Information Technology
LCN: Local Communications Network
MAS: Monetary Authority of Singapore
MFA: Multi-Factor Authentication
NASDAQ: National Association of Securities Dealers Automated Quotations
NBER: National Bureau of Economic Research
NIS: Network and Information Security
NIS2: Network and Information Security 2
NISD: Network and Information Security Directive
NIST: National Institute of Standards and Technology
NYDFS: New York Department of Financial Services
OFR: Office of Financial Research
PSD2: Payment Services Directive
SEC: Securities and Exchange Commission
SIEM: Security Information and Events Management
SWIFT: Society for Worldwide Interbank Financial Telecommunications
US: United States
USA: United States of America
USD: United States Dollar
VaR: Value at Risk
1. Introduction
The contemporary world is marked by an ever-expanding digital plane; a landscape of
technology and data referred to as cyberspace. This complex, interwoven network of
connected digital systems plays an integral role in almost every area of our lives, calibrating
communications, entertainment, education, and particularly, financial exchanges. (Castells,
2010).
As society has gradually shifted its focus towards digitization, so too has the financial
system. Physical methods for exchanging money and centralized fiscal infrastructures are
no longer components of this new Digital Financial Ecosystem. Here, deals are completed
with the mere click of a button; cash, once embodied in physical form, mainly exists as an
online entity that moves through cyberspace. (Castells, 2010).
The transition towards digitized finance had several causes. Firstly, information and
communication technologies (ICT) advanced quickly and became generally accepted as
means of transacting finances. Computers, mobile phones, and the internet became new
instruments for financial proceedings, bringing greater speed and effectiveness to the
completion of transactions. These same tools offered a convenience and accessibility not
previously seen within a financial system. Consequently, easy access to the Digital
Financial Ecosystem has opened up pathways to take part in worldwide markets.
Alongside these developments, customer expectations have also had major implications for
the transformation of finance to its current, digital state. As we live in an interconnected
world, customers ask for services that keep up with their demands. There is an increased
preference for immediate, cross-border processes with minimal physical interaction. This
has ultimately become a necessity rather than an amenity.
Although beneficial, digitizing finance gives rise to some issues, including cybersecurity,
confidentiality, and data safety concerns. The direct connection between financial structures
via virtual spaces affects both people and organizations, and significantly escalates matters
of risk management and safety. In addition, adhering to regulatory laws becomes notably
more difficult, considering the constant technological innovations found within a digital
setting. (Pagallo, 2013).
In addition, forms of currency such as Bitcoin, along with blockchain and distributed ledger
technologies (DLT), are redefining traditional trustworthiness and inspection for fiscal
transactions. (Böhme et al., 2015). The integration of these modern advances does offer
extended prospects but poses its own novel dangers and intricacies along the way. (Pagallo,
2013).
This dissertation explores this highly interesting crossover of financial technology
and cyberspace, examining past and present practices for managing security in online
banking activities. Each chapter will provide extensive, comprehensive knowledge about
this shifting digital financial terrain, starting from analyses of cyberspace itself, delving
into related cybersecurity concerns and finally connecting all the pieces together with
suitable measures for dealing with such risks.
Chapter 1 gives an overview of cyberspace and its role within modern-day financial affairs.
First, cyberspace is conceptualized; the chapter then moves on to discuss both standard and
digital modes of trading currencies. Finally, it explores both the advantages and potential
hazards which come with such advancements, preparing the reader for the topics of the
subsequent chapters.
1.1 Defining Cyberspace
The word 'cyberspace' was originally coined by novelist William Gibson in
his 1982 short story "Burning Chrome" and further promoted through his cyberpunk novel
"Neuromancer". This term conveyed a visually stimulating, interconnected digital
landscape; an imaginary reality experienced by millions of networked computer users.
Although conceived as fiction, this concept went on to become an essential element
of everyday life. (Marr, 2016).
Explaining cyberspace starts with recognizing its fundamental components. Network
connections exist because of physical infrastructures - such as fiber optic cables, satellites,
and wireless technologies - which act as supportive vessels for digital communication,
providing room for websites, applications, and services we all depend on. (Marr, 2016).
Nevertheless, cyberspace is not simply an accumulation of tools and data streams. It is,
above all else, an intricate system of both technology and human interaction, comprising
fluctuations of digital innovation and continuously adapted social trends.
This combination has enabled unparalleled capabilities: instantaneous connection to others,
availability of unlimited knowledge, and ability to carry out complex actions from anywhere
across the globe. Concurrently, those interconnections have bred unprecedented levels of
community, identification, and authority, affecting numerous aspects of living. (Marr,
2016).
In the financial realm, cyberspace has produced an alternative universe for monetary
exchanges - the so-called 'cyber finance' or 'digital finance'. This digitalized terrain
represents a huge change compared to traditional physical operations, permitting real-time,
worldwide transfers twenty-four hours per day. Even though the advantages are plentiful,
any domain bears some danger. Since the Internet offers relative anonymity, combined with
its pervasive interconnection, it has developed into an ideal hunting ground for
malefactors. Therefore, the necessity for cybersecurity will inevitably be heightened,
especially within the banking sector, where the trustworthiness and protection of
transactions must be paramount. (Böhme et al., 2015).
The diverse characteristics of the online world generate immense challenges for law
enforcement and rulemaking. Since it stretches over physical borders and jurisdictions,
identifying legitimate rules and techniques turns out to be difficult. Furthermore,
technological development frequently takes precedence over legal standards.
Despite these impediments, cyberspace still remains a catalyst for transformation and
advancement. Its ever-shifting attributes assure perpetual modernization and adaptation. In
finance and elsewhere, careful navigation and exploitation of this obscure and constantly
changing composition will play a crucial part in unlocking its potential.
Finally, cyberspace reflects our intertwined reality: made up by us, but possessing power
and challenges that cannot be disregarded. It is a space where money, just like anything
else, became associated with the electronic world. As we cross the threshold to the 21st
century, understanding and traversing this multifaceted area will become increasingly
important. (Marr, 2016).
1.2 Overview of Financial Transactions
Financial transactions are the lifeblood of the global economy. They represent the
movement of value between parties and exemplify commerce and trade in their most
elemental forms. Throughout history, these transactions have grown alongside human
society: from early civilization’s barter systems to ancient civilization's model of
standardized coinage and later the acceptance of paper money and banking systems
(Nakamoto, 2008).
The simplest form of a financial transaction consists of exchanging money for goods or
services. This was often accomplished via cash transactions within the more
traditional physical world (“old school”). The integrity of the money itself – its value
physically embodied in coins and notes – was trusted as it was connected directly to the
production/exchange of goods and services. Transactions were conducted ‘face-to-face’, so
that trust rested largely on the credibility of the physical currency and
its immediate portability. (Nakamoto, 2008).
With a banking system coming into play, financial transactions began to evolve into new
forms. Writing, for instance, came to be replaced by check. With the development of such
systems, checks became an avenue for transfers that did not necessarily need physical cash.
Bank transfers enabled movement of money through bank accounts, while credit and debit
cards gave customers another means to access and transfer funds electronically. These
innovations marked the inception of digital financial transactions, though in a rudimentary
format.
The dawn of the computer era seemed to allow further evolution. First came the use of
checks in connection with bank processing systems which allowed for faster and more
effective processing of transactions and thus developed out of bank transfers. Automated
Teller Machines (ATMs) meant customers could obtain round-the-clock access to their
funds; LCNs also facilitated real-time stock trading online. Electronic payment systems
brought about a revolution in how people paid for goods and services online. (Tapscott and
Tapscott, 2016).
Online connectivity has revolutionized both the means and the scope for carrying out
financial transactions. Transformations such as virtual currencies, crowdfunding,
peer-to-peer lending, and remittances sent across continents in seconds all constitute new
modes of transaction today, which continue to expand transnational and even global commerce.
As financial transactions continually develop, they tend to adopt numerous new expressions
defined by distinctiveness, alacrity, intricacy, and universality. Ranging from easy retail
buying, more articulate transactions capture mortgage payments and refinancing contracts;
derivatives exchanges become strategized rescues of countries in danger of collapse; shared
insurance deals networked distribution of holdings; crowdfunding directs financiers
towards Bitcoin investments; and digital banks open up secondary real estate investment
discourses on a national level. Fresh dilemmas appear where former clashes between cheats,
mistakes, abuses, associated perils of varying digital styles, alongside increased finance
visibility highlighting a shortage of impartiality as well as endangering consumers.
(Tapscott and Tapscott, 2016).
The regulatory response seems to be growing along with these rapidly evolving financial
transactions, but it is still being challenged by new forms of value like cryptocurrencies,
new transaction mechanisms like blockchain, and new financial intermediaries such as fintech
firms and digital banks. (Tapscott and Tapscott, 2016).
Future financial transactions will surely continue to evolve, propelled by
technological innovation, changing consumer needs and wider digitized economic activity:
we are witnessing one of the most transformational eras in the successive rise of
knowledge-driven finance alongside cyberspace convergence. This is why understanding the nuances
involved in protecting individuals against contemporary finance forms our discussion below
as we delve deeper into the Internet Economy and Finance modules. (Tapscott and Tapscott,
2016).
1.3 The Interconnection of Cyberspace and Financial Transactions
The emergence of the era of cyberspace has fundamentally altered the landscape of financial
transactions, introducing a level of complexity, speed, and global interconnectedness that
was previously unimaginable. This interconnection of the nature of cyberspace and financial
transactions is particularly critical within the contours of the contemporary financial
ecosystem and shapes not only the methods by which transactions are conducted but also
the nature of money, value, and trust alike.
The overarching mechanics of financial transactions can be traced back to their foundational
roots in cyberspace. Traditional transactions largely operated in a physical or material sense,
requiring personal presence and often engaging tangible forms of money. Today, the vast
majority of financial transactions take place in the digital space, enabled through modern
technologies and networks. Money can be exchanged for goods or services with just a few
clicks and transferred across borders quickly and easily, instantly or later on when
needed. These digital transactions are faster and more convenient, as they do not require an
individual to physically travel to a specific location to execute them; they can occur at
any time, anywhere with an internet connection. (Mougayar and Buterin, 2016).
In terms of implications, however, the intersections of cyberspace extend far beyond the
transaction mechanics. First and foremost, the digitized nature of cyberspace has introduced
new forms of money along with value (aided by cryptographic principles) that exist solely
within this realm. Cryptocurrencies exist entirely within cyberspace and operate
independently from centralized financial institutions. Digital assets such as tokens or NFTs
(non-fungible tokens) likewise represent special forms of value that can be bought and sold
using different virtual markets.
More essentially, perhaps, cyberspace has brought about a redefinition of the
nature of trust in financial transactions. Traditionally, transactions tended to rest heavily on
interpersonal trust or the trust placed in established financial institutions. In contrast,
trust within cyberspace is generally built on cryptographic principles and
distributed consensus mechanisms. Verification within the blockchain system, for
instance, allows for ‘trustless’ trust systems where no central authority is needed to oversee
the entire transaction process.
Despite its transformative potential, the inclusion of cyberspace also
presents myriad challenges embedded in the interconnection itself. Primarily, cyberspace
inherently heightens the vulnerability of transactions to cyber threats (this layer of harm will
keep increasing with every passing day). Such threats are not limited to discrete individual
transactions but may compromise entire systems, jeopardizing
financial stability at large.
Secondly, regulation is another key challenge arising from the interconnection
between cyberspace and financial transactions. Given its emergent
nature and borderless outlook, this interconnection effectively increases the vulnerability of
transactions to cyber threats in general, a layer of harm that will keep increasing with every
passing day. As such, regulatory bodies must contend with diverse and baffling types
of financial activities taking place both inside and outside cyberspace, from digital
banking to cryptocurrency trading. (Böhme et al., 2015).
The proliferation of FinTechs has further heightened this interconnection
between cyberspace and financial transactions. FinTech innovations leverage
cyberspace’s computing capabilities to deliver financial services in more efficient,
accessible, and tailored ways. Nonetheless, these technologies add considerably
to the complexities already encountered in the field of finance. These
problems warrant constant adaptation from users, institutions, and regulators
alike. (Mougayar and Buterin, 2016).
It is important to note that as we come gradually closer to the future, the intertwining of
cyberspace and financial transactions will continue to deepen. evolving technologically
blossomed futuristic technologies hold tremendous influence as they shape how bifurcate
into the future of finance and ask for ongoing adaptation, vigilance, strategic sensibilities
among other responses from all actors involved in the financial ecosystem simultaneously.
1.4 Conclusion
From defining what comprises cyberspace to surveying the revolution of financial
operations, this chapter has shown that cyberspace has become a veritable element of our
lives. Its smooth incorporation into our day-to-day procedures is particularly discernible in
finance. From physically conducted transactions to digitally organized ones, a shift towards
a digital-first viewpoint has been observed.
The developments within cyberspace have fully transformed financial dealings. On a
broader level, speed, ease of access, and reach have decisively
transformed our perception of business proceedings and personal funds management.
Additionally, new definitions of money and value, such as cryptocurrencies and online
assets, have changed how value itself is computed in an unprecedented manner.
Nevertheless, abrupt changes bring about their own dynamic set of troubles. Linking
cyberspace with economic operations elevates the probability of dangers, thus establishing
cybersecurity as a top priority. Furthermore, traditional frameworks appear incapable of
adapting to the inconstancy of this evolving environment due to its vastness and
internationality. (Marr, 2016).
Financial technologies, otherwise referred to as FinTech, add to these intricacies by
pioneering advanced models of delivering financial services. At the same time, they bring to
the surface additional susceptibilities to cybercrime. These innovations require individuals,
corporations, and regulatory structures to ‘modernize’ themselves accordingly. (Böhme et
al., 2015).
Going forward, the link between cyberspace and financial arrangements will keep growing.
Advances in quantum computing and artificial intelligence hold considerable potential but
also raise plenty of new difficulties. Such conditions call for unwavering vigilance and
flexibility: making use of available options while carefully containing the risks embedded
therein.
In conclusion, the nexus between cyberspace and financial undertakings has given birth to
both distinct opportunities and impediments. The succeeding chapters assess this
complicated field, recognizing vulnerabilities and benefits amid this ever-changing
landscape. This transformation is far from over - our shrewdness, attentiveness, and
foresight are essential ingredients in deciding how adeptly this landscape will be negotiated
and how its full potential can be realized.
2. Evolution of Financial Activities in Cyberspace and the Associated Risks
The second chapter of this dissertation examines the evolution of financial activities in
cyberspace and the associated risks. Given that traditional financial models have shifted
towards digital platforms, with a consequent increase in cyber threats, comprehending such
matters today is vital. (Antani and Iyer, 2017).
Advancements in technology and the internet changed finance immensely; physical location
dependence no longer exists and people accomplish transactions within seconds from
practically anywhere. This transformation democratized access to financial services,
boosted efficiency, and improved convenience. (Anonymous, 1996).
Despite all these benefits, the transition towards cyberspace exposed significant weaknesses
in financial institutions that once relied on human employees to protect assets physically.
Cybercriminals use advanced techniques to exploit vulnerabilities and hack into systems,
which leads to various malicious activities such as data breaches, fraud, and theft. (Antani
and Iyer, 2017).
Furthermore, global acceptance of digital platforms aiding financial activities has not been
uniform or linear, with some regions adapting faster than others due to cultural peculiarities,
regulatory frameworks, and technological infrastructure disparities. These variations further
complicate how cybersecurity addresses different security challenges region-wise. (Hall and
Tiropanis, 2012).
The key objective of this chapter is to provide an exhaustive overview of financial activities
and their diversification, complexities, growth, and related cyber risks, from their initial
emergence through online banking to modern-day decentralized finance and digital
currencies. (Población García, 2017).
Policymakers, regulators, and end-users along with professionals in technology and finance
need an appreciation of this subject matter. Due to the continuous advancements in tech,
understanding and managing emerging cybersecurity threats surrounding digital financial
ecosystems remains crucial. (Hall et al., 2009).
It remains essential for stakeholders to comprehend fully the impact technology exerts on
financial services at present, potential future developments, and how to abate the attendant
risks.
Hence, proactive measures are required to ensure consistent protection of financial
activities from cyber predators, making a safe digital financial environment feasible.
(Antani and Iyer, 2017).
2.1 The Emergence of Financial Activities in Cyberspace
The digitalization of financial activities brought about a revolutionary change in the way
people conduct their monetary affairs. This historic shift materialized due to the rapid
growth of the internet and its increasing incorporation into daily life, with online banking
and digital payment methods being essential aspects of this new era. Electronic funds
transfer (EFT) systems and automated teller machines (ATMs), first introduced during the
1960s and 1970s, played an important role in changing how people conducted financial
transactions, making them more accessible. (Hall et al., 2009).
Despite these early technological advancements, the mass adoption of online banking only
came when these systems were made compatible with the Internet in the mid-1990s.
Security First Network Bank marked the true advent of online banking in the United States,
which proved that the World Wide Web could support banking solutions reliably worldwide.
The core functions of online banking in its early stages consisted mainly of bill payments
and fund transfers, gradually convincing consumers who at first resisted using them, largely
because of security concerns. (Antani and Iyer, 2017).
Similarly, the dawn of digital payment services started alongside bank procedures. Credit
card companies led the way by introducing secure approaches for online transactions
enabling companies such as PayPal to establish themselves in 1998. eBay helped popularize
PayPal, as both entities grew hand-in-hand while becoming leading providers of digital
payment mechanisms, further driving the adoption of e-commerce businesses like Amazon
and eBay itself. Digital marketplaces were ideally suited for customers to have complete
control over purchases without the involvement of intermediaries. (Antani and Iyer, 2017).
Online banking and digital payment services generated a paradigm shift in finance by
empowering users to make critical decisions effortlessly through remote access from
anywhere, markedly simplifying everyday commerce, and opening innovative technologies
for use in other economic sectors. However, there are also
significant cybersecurity risks associated with managing finances online. The shift has
attracted cybercriminal activity in particular, making it a genuine challenge for banks and
online shoppers alike, beginning with hackers' early attempts to impersonate users - efforts
still ongoing today, despite definite improvements in cybersecurity measures. (Hovav et al.,
2017).
2.2 Growth and Proliferation
Since the dawn of online banking and digital payment methods, financial activities in
cyberspace have shot up significantly, diversified their scope, and grown more complex.
This prodigious growth and variation have advanced with the quickening progression of
technology, alongside changed consumer behavior and the pursuit of convenience and
efficiency in financial transactions. (Artemenko and Zenchenko, 2021; Tayaksi et al., 2022).
The emergence of digital currencies, especially cryptocurrencies, has proven to be a major
accomplishment in the cyberspace arena of finance. The birth of Bitcoin in 2009 introduced
an entirely virtual concept of money, operating separately from central banks.
Cryptocurrencies are powered by blockchain technologies that offer users transparency,
secrecy, and security. (Odlyzko, 2012). There are now thousands of cryptocurrencies, with
well-known ones such as Bitcoin, Ethereum, and Ripple among the most sought-after.
Beyond serving as a medium of exchange, digital currencies also serve as a tool for
investment and start-up fundraising through Initial Coin Offerings (ICOs). (McShane and
Nguyen, 2020).
Crowdfunding websites have similarly developed substantially within the world of finance.
Platforms like Kickstarter and Indiegogo democratize access for entrepreneurs and creative
projects to obtain funds from sources other than the usual financial institutions. Individuals,
just as much as businesses, can successfully raise capital directly from the public, leading to
a drastic rise in the variety of projects benefitting from this shift, including independent
films, music albums, innovative tech devices, and social entrepreneurship projects.
(Artemenko and Zenchenko, 2021).
The expansion and spread of financial ventures in cyberspace have also spawned
robo-advisors. These automated platforms use algorithms to manage and optimize clients'
investment
portfolios. (McShane and Nguyen, 2020). Companies such as Betterment and Wealthfront
pioneer this endeavor, providing low-cost asset management services to those who may not
possess substantial wealth or have access to a human financial advisor. Robo-advisors
exemplify the integration of advanced technology, such as machine learning and AI, into the
financial sector, showing how these modern advances can make financial services more
accessible and cost-efficient. (Antani and Iyer, 2017).
These developments highlight the extraordinary velocity and range of changes in financial
activities in cyberspace. (Hovav et al., 2017). They evidence the shift towards a shared and
more equal financial network, one that harnesses technology to meet a wide range of
preferences and needs. (McShane and Nguyen, 2020). On the other hand, the intensifying
intricacy and advancement of these activities have created unprecedented forms of risk. For
instance, the anonymity of digital currencies has raised concerns about illicit activities and
money laundering, while the automation of robo-advisors has raised questions concerning
the accuracy of algorithmic decision-making and potential system flaws. (Hovav et al.,
2017).
Hence, as we explore the emergence and growth of financial operations in cyberspace, we
must remain aware of the associated perils, so that we can enjoy the benefits of these
developments while lessening adverse results. (Hovav et al., 2017).
2.3 Cybersecurity and Financial Activities
As we deepen our financial involvement in the cyber realm, it is necessary to be aware of
the multiplicity of cybersecurity risks linked to such activities. The digital financial
ecosystem has attracted the attention of cybercriminals due to the sensitive information
stored therein and the possibility of substantial gain from a successful attack, which can
leave considerable financial damage in its wake as well as erode the confidence of
customers and shareholders. (Hovav et al., 2017).
Data breaches are among the most prominent security dangers in electronic finance. They
occur when unauthorized individuals obtain unsecured data, typically to commit fraud.
Financial institutions hold extensive amounts of sensitive details, including personally
identifying information, credit card numbers, and transaction histories - a
compromise of this type of material may result in identity theft and corresponding financial
losses for those affected. (McShane and Nguyen, 2020).
Phishing attacks represent another significant menace to the banking industry.
Cybercriminals deceive victims into revealing sensitive information such as usernames and
passwords by pretending to be reputable organizations. Afterward, the stolen information
can be used to access accounts improperly and commit fraud. (Hovav et al., 2017).
Moreover, ransomware attacks have been an extreme danger to the financial market. Here, a
cybercriminal takes control of a network or system and encrypts the existing data, only
unlocking it after receiving a ransom. Such attacks pose especially significant hazards to
banks, as they require constant availability of their information and systems.
The emergence of cryptocurrencies has also generated fresh threats. The decentralized and
inadequately regulated landscape of these virtual forms of currency makes them ready
avenues for laundering illegal funds and related illicit acts. Furthermore, cryptocurrency
wallets and exchanges have often borne the brunt of run-of-the-mill hacking attempts,
resulting in heavy economic damage for certain users.
Not only do financial companies find themselves besieged by cybersecurity issues, but
individual users may be equally prone to difficulties if unwary. With online banking and
digital payments becoming usual means of conducting financial affairs, people have had to
assume increased responsibility for ensuring the protection of their financial details.
Inadequate awareness alongside poor security practices, such as using weak passwords or
clicking on suspicious links, risks exposing users to cyberattacks. (Nayak et al., 2008).
Since technologies such as AI and machine learning are becoming increasingly essential
aspects of financial services, new weak points might crop up. Predatory hackers can use
these advances for their gain, while unintended side effects or bias can give rise to
additional cybersecurity troubles. (Hovav et al., 2017).
In light of the aforementioned troubles, those managing financial matters in cyberspace
must monitor cybersecurity with absolute vigilance. Banks are investing considerable
resources into expanding physical defense against malware, whereas regulators strive to
build systems for ensuring the integrity of digital finance. In truth, the ever-changing
nature of
cyber attacks leads one to conclude that substantial efforts should be made to remain ahead
of potential security issues. (Sunderaraman et al., 2020).
In conclusion, as we continue taking advantage of the convenience and efficacy of
conducting financial operations on the Internet, it is worthwhile to assess the ever-present
patchwork of cybersecurity risks. Acquainting oneself with such dangers represents a
crucial first step in addressing them correctly, thereby furthering the creation and
safeguarding of a reliable digital financial platform.
2.4 Regulatory Perspectives on Cyber Threats
Regulatory bodies across the globe recognize the severity of cyber threats to the financial
sector, which plays a critical role in national economies and could endure severe
consequences from successful attacks. Regulatory measures that enforce essential security
standards, ensure consumer and market protection, and enhance accountability for managing
these risks are imperative. (McCarthy et al., 2021).
Various regulators based in the United States govern distinct areas within the financial
sector and exercise varied regulations to address cybersecurity risks. The Federal Financial
Institutions Examination Council (FFIEC) offers institutions a Cybersecurity Assessment
Tool to assess their exposure level and determine their readiness level. The New York
Department of Financial Services (NYDFS) has outlined one of the most robust
cybersecurity regulation frameworks, calling for risk assessments, cybersecurity programs,
and protocols, as well as incident reporting.
The European Union established the General Data Protection Regulation (GDPR),
applicable to all sectors, including finance, despite not exclusively targeting cybersecurity
issues. GDPR carries significant weight in how financial organizations deal with data
breaches; non-compliance may result in hefty fines, motivating entities to modernize their
data safety norms. Moreover, the EU's Network and Information Security (NIS) Directive
incorporates measures designed to achieve greater commonality in network and information
system safety around the Union.
In Asia, countries such as Singapore and Hong Kong implemented firm guidelines regarding
cybersecurity in the financial field. For instance, the Monetary Authority of Singapore
(MAS) provides technology risk management guidance, setting down principles for risk
management and best practices aimed at helping financial institutions establish sound
frameworks for technology risk management.
As the threat landscape for cyberattacks evolves, stricter regulations on fintech,
cryptocurrencies, and decentralized finance (DeFi) are likely necessary due to the potential
risks inherent in these domains. Regulators must decide how to strike an optimal balance
between incentivizing innovation and safeguarding against online security threats.
Tailoring regulatory requirements to the specific risk factors posed by distinct types of
financial activities will likely be a crucial guiding principle for forthcoming regulations.
Collaboration among regulatory bodies internationally will be increasingly critical in
managing cyber threats, given the global nature of financial markets and security issues.
Initiatives such as the G7's Fundamental Elements of Cybersecurity for the Financial Sector
represent essential moves towards greater international collaboration in this area.
(G7, 2018).
In conclusion, evolving cybersecurity risks to the finance sector continue to foster
adjustments within regulatory frameworks. Stronger, more sophisticated regulations guided
by risk-based principles and enhanced international cooperation will probably arise in the
future. (McCarthy et al., 2021).
2.5 Current Trends and Future Risks
Online financial activities have undergone a revolutionary transformation, introducing
innovative ideas and concepts which remodel the finance industry. Decentralized Finance
(DeFi) is among the most recent advancements to appear on the scene; drawing on principles
from blockchain technology and cryptocurrency, its aim is to reproduce traditional financial
systems in an open-source, distributed, and unrestricted setting. (Huber and Scheytt, 2013).
Via DeFi networks, users can borrow, lend, trade, and invest in a decentralized environment
without requiring intermediaries like banks or brokerage firms. Utilizing Ethereum's
blockchain network, smart contracts are used to automate financial transactions. Its
capacity for democratizing finance, increasing financial inclusion, and producing fresh
investment opportunities has made DeFi notably popular. (Huber and Scheytt, 2013).
Yet, alongside its merits come numerous security concerns. Smart contract vulnerabilities,
for example, present a great danger, since this self-executing code could be exploited by
cybercriminals if it contains bugs or weaknesses, resulting in enormous economic losses
given that the immutability of the blockchain prevents any modification after deployment.
Additionally, because they are decentralized and borderless, DeFi currencies usually operate
outside standard regulatory frameworks, which makes it difficult to comply with certain
laws such as anti-money laundering and counter-terrorist financing legislation. People's
digital assets are also at risk because they rely on cryptographic keys - loss or theft of
private keys means permanently losing the assets, with no avenue of recovery. (Huber and
Scheytt, 2013).
Consequently, we must become better prepared for further innovations in online finance
that may bring additional cybersecurity threats: quantum computing might weaken the
cryptography underpinning digital currency, and the exploitation of machine learning and
AI may open new weaknesses to malicious attackers. (Población García, 2017).
Despite such apprehensions, the hope and potential advantages attached to pioneering
developments like DeFi are considerable. (Huber and Scheytt, 2013). Therefore, to safely
promote innovation while minimizing the associated risks, technology professionals,
bankers, regulators, and individual customers alike must take part in stronger measures of
electronic assurance, education, and logical frameworks rigorously designed for
safeguarding financial operations within cyberspace. (Huber and Scheytt, 2013; Roskot
et al., 2021).
3. Evolution of Risk Management Science and its Scope
This chapter, named "Evolution of Risk Management Science and its Scope," delves into
the science behind mitigating and managing the risks associated with financial activities in
cyberspace. Over time, risk management techniques have changed as a result of
ever-progressing technology, the increased complexity of cyber attacks, and the
strengthened interdependence among our digital currency networks. Successfully dealing
with these potential threats is crucial for maintaining financial stability and confidence in
these services. (Afshani, 2019).
Risk management for digital financial operations involves identifying, analyzing, and
controlling the probability and consequence of possible cyber threat exposures. This
necessitates understanding the continually shifting threat landscape, identifying defects
inherent in digital financial systems, and understanding the consequences that could follow
if attackers were successful. (Afshani, 2019).
The following section will evaluate the science of risk control, beginning with an overview
of how it has developed in the past. The particulars of traditional approaches to risk
oversight will be discussed, along with a close examination of the latest theories associated
with this field. The methods and fundamentals used for assessing threat levels, countering
harms, minimizing damage, and monitoring are all major aspects of risk management
science that shall be explored herein.
The scope of current practices in the management of cyber risks associated with global
financial transactions needs deeper analysis. To start, we examine how risk management is
applied to online banking, digital payments, cryptocurrencies, crowdfunding platforms,
robo-advisors, and novel trends like decentralized finance. Each of these areas carries its
own risks, which warrant tailored plans. Additionally, we investigate the discrepancies
between cybersecurity, data analytics, and legal compliance - disciplines that are vitally
linked to the sound handling of digital financial risks. (Afshani, 2019).
We also analyze the prospects for progress in risk assessment methods. How might they be
renewed in line with advances in digitalization, and how can the control of security hazards
be improved? Are there emerging measures or applications that can help
take advantage of such developments? Answering such questions provides a basis for
deepening one's knowledge of the limits of future vulnerabilities. (Afshani, 2019).
The necessity of exploring these issues cannot be overstated. As previously outlined, the
stakes related to cyber risks in digital financial activities are extremely high, presenting a
strong potential for disturbances in the financial framework and economic losses. Thus,
understanding the evolution and scope of risk management science is key to protecting
these transactions from cyber dangers.
By taking a comprehensive view of this subject matter, the present discussion should offer
insight into efficient risk control protocols. It reinforces the importance of ongoing
research, innovation, and collective effort in this arena, emphasizing the importance of
proactive, systematic strategies when tackling the evolving cyber risks present in the
financial sector.
3.1 Traditional Risk Management Practices
Risk management has been essential to the financial sector for ages, predating the growth
of digital technology and cyberspace. Its principles were imperative in achieving financial
stability, protecting assets, and stimulating development, forming a critical piece of strategic
decision-making. (Afshani, 2019).
Traditionally, risk management responsibilities covered credit risk, market risk, and
operational risk. Credit risk concerns the potential that a debtor's failure to repay a loan
could lead to losses. Market risk relates to probable losses in a portfolio due to fluctuations
in variables such as interest rates, currency exchange rates, and equity prices. Operational
risk is attributed to internal process shortcomings, staff members, technology failures, or
external events. (Afshani, 2019).
To successfully counter these probable consequences, various strategies and tools were
employed by financial institutions. Credit risk was tackled with rigorous appraisal
procedures, analysis of borrowers’ creditworthiness, and measures such as portfolio
diversification and loan-to-value restrictions. Furthermore, to deal with market risk,
portfolio diversification, hedging strategies, and capital and liability management were
used. Likewise, sophisticated forms of measurement such as Value at Risk (VaR) modeling
helped project the maximum
potential loss over a specific period. Operational risk was managed through the supervision
of operations, audits, internal controls, and continuity plans, sometimes including the use
of insurance to transfer certain operational risks. (Afshani, 2019).
Still, despite these preventative steps, the financial sector was not safe from serious
disruptions including the 1929 Great Depression, the 1987 Black Monday, and the 2008
global financial crisis, all of which revealed the flaws of traditional risk prevention methods
and argued for a more comprehensive approach.
Simultaneously, the advancement of cyberspace produced new security perils to be
monitored, many of which were not accounted for in classical risk assessment processes.
With further digitalization of economic activities, contemporary techniques had to be
implemented, requiring a transformation of risk management science, based on
cybersecurity and data science, to be able to handle the dynamics and special difficulties of
managing private venture risks in the modern era. (Afshani, 2019).
In conclusion, traditional approaches towards risk management proved sufficient in the
area of credit, market, and operational risk, yet fell short in dealing with the emerging
cybercrime-related dangers brought about by digitalization. (Ali et al., 2021). This
warranted an advancement of risk management doctrines, which we will consider in
forthcoming parts, to remain compatible with ever-changing risk landscapes whilst
maintaining the integrity of financial activities on the Internet. (Afshani, 2019).
3.2 Cyber Risk Management
The dawn of cyberspace presented the financial sector with an array of unprecedented
challenges and risks for which conventional risk management protocols were inadequate.
Subsequently, cyber risk management developed as a crucial field, incorporating precepts
from cybersecurity, data science, and financial risk management to appropriately respond
to these novel complications. (Acs et al., 2021).
At its core, cyber risk management involves identifying, evaluating, and mitigating the
likelihood and repercussions of cyber hazards on financial systems. This requires a firm
grasp of the ever-developing threat environment, the susceptibilities innate
in digital financial platforms, and the potential after-effects of successful cyber-attacks. (Acs
et al., 2021).
One of the major transformations in risk management practices entailed actively spotting
and dealing with security breaches. Rather than looking into simply financial and
operational perils, businesses began continuously analyzing and monitoring the scope of
cyber threats. This included observing emerging menaces, investigating vulnerabilities
present among their setups, and deploying tools such as threat intelligence and vulnerability
assessment. (Acs et al., 2021).
A pivotal advancement was also the emphasis on real-time detection and response.
Considering the speed of cyber-attacks as well as the hazardous effects associated
with them, institutions can no longer afford to wait for examinations or reviews to learn about
issues. Advanced detection methods, including intrusion detection systems (IDS) and
security information and event management (SIEM) systems, came into existence with the
intent of promptly discovering and countering threats. In addition, incident response plans
serve as guides to identify suitable measures to be taken after an attack.
Risk estimation, too, had to evolve. Traditional models employed for measuring credit or
market risks, including credit scoring or VaR models, are not fit for measuring cyber risks.
New frameworks and models, such as the NIST Cybersecurity Framework combined
with the FAIR (Factor Analysis of Information Risk) model, were created to estimate the
likelihood of a breach together with its potential impact.
In addition, managing cyber risk required a more extensive methodology extending beyond
the Information Technology unit. It involves cooperation among different departments,
ranging from finance to operations and legal, along with external interaction with
supervisory bodies, law establishments, and other business organizations. Thus, organizations
came to appoint a Chief Information Security Officer (CISO) to oversee digital security
within enterprise risk management frameworks.
Lastly, yet importantly, resilience has become paramount. Since no setup is impregnable
against cyber threats, corporations now direct attention toward building resilience, enabling
them to continue functioning optimally despite adverse situations. Introducing business
continuity plans, ingraining data backup and restoration solutions, and habitually gauging
resilience through drills and simulations are approaches adapted to deal with this. (Acs et
al., 2021).
In conclusion, the move of economic activities into the virtual world initiated a vital
transformation in risk management approaches. Cyber risk management surfaced as a brand-
new discipline, amalgamating cybersecurity fundamentals with customary risk management
practices and adjusting to the one-of-a-kind problems we confront today. As financial
activities online expand and diversify, cyber risk management will similarly progress,
requiring constant renewal, transformation, and awareness.
3.3 Cybersecurity Measures and Tools
Effective cybersecurity measures and tools are crucial for mitigating cyber risks in financial
activities conducted in cyberspace. They act as a line of defense, safeguarding financial
systems and data from security threats, and augmenting the general risk management
strategies mentioned earlier. (Ali et al., 2021). Firewalls serve as an initial defensive
mechanism in any cybersecurity infrastructure. They function to monitor and manage
incoming and outgoing traffic between trusted and untrusted networks based on specific
security protocols. With firewalls in place, unauthorized access to networks is effectively
blocked, thwarting malicious activity. (Abercrombie et al., 2015).
Aside from firewalls, encryption constitutes another vital cybersecurity tool. Encryption
converts data into an unreadable format that can only be read with access to the decryption key. As such,
even when data gets intercepted or accessed without proper authorization, it remains
unintelligible without the matching key. (Acs et al., 2021). Through precise encoding
algorithms, encryption has become widely employed across financial activities
in cyberspace, ranging from securing online banking transactions to upholding the integrity
of digital currencies. (Acs et al., 2021).
Multi-factor Authentication (MFA) enhances system security by requiring users to
provide two or more forms of identification evidence before being authorized for system
entry. The verification process might include details relevant to something exclusively
known by the user (e.g., passwords), items possessed by the user (e.g., hardware tokens,
mobile devices), or features attributable to the user (e.g., fingerprints, facial recognition).
(Ali et al., 2021).
In real-time detection and response processes, Intrusion Detection Systems (IDS) and
Security Information and Event Management (SIEM) play a strategic role in monitoring
networks for suspect operations and triggering alerts to stakeholders through rigorous
analysis. While IDS checks thoroughly for fraudulent activities at all times, SIEM
undertakes an extensive criticality assessment enabling targeted responses aptly tailored
towards identifying breaches and subsequent root cause analyses.
Further bolstering cybersecurity measures are antivirus and anti-malware software
that continuously protect essential systems against deleterious software like viruses,
worms, trojans, ransomware, and similar malicious entities common in cyberspace.
(Abercrombie et al., 2015). These tools employ various methods, such as scanning for
malware, detecting it, and promptly removing it, so that essential
systems maintain availability and integrity. (Abercrombie et al., 2015).
Moreover, risk assessment tools exemplified by the FAIR model play a significant role in
managing the extent of cyber risks inherent within business decision-making processes. (Ali
et al., 2021). Such instruments provide diverse organizations with an array of structured
ways of critically evaluating the probability or impact of emerging cyber
threats, ultimately informing their risk management decisions. (Abercrombie et al., 2015).
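The FAIR-style quantification referred to here and in Section 3.2 can be sketched as a Monte Carlo simulation; the following is an added example, not part of the dissertation or of any FAIR tooling. It uses the FAIR decomposition (loss event frequency = threat event frequency × vulnerability; loss magnitude = primary + secondary loss), substitutes triangular distributions for the PERT distributions usually used in practice, and every figure in the scenario is constructed for illustration.

```python
import math
import random
from dataclasses import dataclass


@dataclass(frozen=True)
class Estimate:
    """Three-point expert estimate: minimum, most likely, maximum."""
    low: float
    mode: float
    high: float

    def draw(self, rng: random.Random) -> float:
        if self.low == self.high:           # degenerate estimate, e.g. (0, 0, 0)
            return self.low
        return rng.triangular(self.low, self.high, self.mode)

    @property
    def mean(self) -> float:                # mean of a triangular distribution
        return (self.low + self.mode + self.high) / 3.0


@dataclass(frozen=True)
class Scenario:
    threat_event_frequency: Estimate   # attempts per year (FAIR: TEF)
    vulnerability: Estimate            # P(attempt becomes a loss event), 0..1
    primary_loss: Estimate             # direct cost per loss event
    secondary_probability: float       # P(secondary loss | loss event)
    secondary_loss: Estimate           # fines, litigation, churn per event


def poisson(rng: random.Random, lam: float) -> int:
    """Knuth's method: number of loss events in a year with expected count lam."""
    if lam <= 0:
        return 0
    limit, count, product = math.exp(-lam), 0, rng.random()
    while product > limit:
        count += 1
        product *= rng.random()
    return count


def simulate(scenario: Scenario, years: int = 20_000, seed: int = 1) -> list:
    """Return the sorted simulated annual losses, one value per simulated year."""
    rng = random.Random(seed)
    annual = []
    for _ in range(years):
        # Loss event frequency for this simulated year (FAIR: LEF = TEF x Vuln).
        lef = scenario.threat_event_frequency.draw(rng) * scenario.vulnerability.draw(rng)
        loss = 0.0
        for _ in range(poisson(rng, lef)):
            loss += scenario.primary_loss.draw(rng)
            if rng.random() < scenario.secondary_probability:
                loss += scenario.secondary_loss.draw(rng)
        annual.append(loss)
    annual.sort()
    return annual


def analytic_mean(scenario: Scenario) -> float:
    """Closed-form expected annual loss, used to cross-check the simulation."""
    lef = scenario.threat_event_frequency.mean * scenario.vulnerability.mean
    per_event = (scenario.primary_loss.mean
                 + scenario.secondary_probability * scenario.secondary_loss.mean)
    return lef * per_event


def summarize(losses: list, threshold: float) -> dict:
    """Mean, percentiles and the probability that a year's loss exceeds threshold."""
    n = len(losses)
    pct = lambda q: losses[min(n - 1, int(q * n))]
    return {
        "mean": sum(losses) / n,
        "p50": pct(0.50),
        "p90": pct(0.90),
        "p95": pct(0.95),
        "p_exceed": sum(1 for x in losses if x > threshold) / n,
    }


# Constructed scenario (illustrative numbers only): credential-phishing
# campaigns against a retail bank leading to account compromise.
BANK_PHISHING = Scenario(
    threat_event_frequency=Estimate(4, 12, 30),
    vulnerability=Estimate(0.02, 0.05, 0.15),
    primary_loss=Estimate(50_000, 200_000, 1_500_000),
    secondary_probability=0.30,
    secondary_loss=Estimate(100_000, 1_000_000, 10_000_000),
)

if __name__ == "__main__":
    result = summarize(simulate(BANK_PHISHING), threshold=5_000_000)
    for key, value in result.items():
        print(f"{key:>9}: {value:,.2f}")
    print(f" analytic: {analytic_mean(BANK_PHISHING):,.2f}")
```

The gap between the median and the 95th percentile is the point of the exercise: a single expected-loss figure hides the heavy tail that drives decisions on controls and insurance.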
Security audits, vulnerability assessments, and penetration testing round out the critical
cybersecurity measures, ensuring organizations closely evaluate their overall
security posture, reveal vulnerabilities and weaknesses, and thus optimize protocols and
procedures so that they work as intended in promptly mitigating any potential security threats.
(Abercrombie et al., 2015).
In conclusion, bolstering financial sector cybersecurity requires implementing a suite of
robust cybersecurity tools, from firewalls and encryption through to MFA and IDS
provisions. Since increasingly complex cyber threats are constantly evolving and
threatening various industries, investing in state-of-the-art cybersecurity technology and
safety practices remains a pressing requirement towards sustaining secure digital
transactions' safe environment across the entire spectrum of commercial operations. (Acs et
al., 2021).
3.4 Building a Cyber-Aware Culture: An Essential Component of Risk
Management
Cybersecurity is essential for organizations in today's digital age. It requires every
individual, regardless of their role, to understand the implications and actively participate in
safeguarding against potential cyber threats. (Soin and Collier, 2013). A prevalent and
robust cyber-aware culture should be created embracing all employees. By having an
environment where staff is informed about possible dangerous scenarios, they will
comprehend the importance of, as well as the consequences attached to their actions, thus
becoming proactive in taking appropriate measures. (Soin and Collier, 2013; Ali et al.,
2021).
Cyber-attacks frequently occur due to human negligence. Promoting initiatives that
establish cyber-safe organizational policies with each member at the forefront could lead to
a substantial reduction in encountered cybersecurity risks. Lastly, cultivating the utmost
responsible practices concerning cybersecurity across the entire corporation changes
perception too. This practice instills shared responsibility instead of merely an IT concern,
making everyone more accountable for proactively preventing any future issues. (Sandhu,
2012).
3.4.1 Role of Regular Training Programs
To cultivate a culture of cyber consciousness, regular training regimens are essential. It is
paramount that such courses remain current with the fluctuating nature of digital
vulnerabilities and the reaction strategies they foster. As such, these endeavors should not
be transient but instead remain frequent and ongoing. (Acs et al., 2021).
To ensure that employees receive pertinent information regarding identifying the range of
threats including phishing and ransomware, engaging, involved programs which mimic real-
life circumstances must be promoted. Simulation training combined with examinations and
evaluations will promote Cyber Hygiene among staff members. (Acs et al., 2021).
3.4.2 Simulated Phishing Exercises
Phishing continues to be one of the most widespread and insidious cyber threats. To further
fortify an organization's security posture, simulated phishing exercises have been deemed largely
beneficial. These replications of potential phishing attacks can equip staff with the know-
how required to recognize them and take appropriate countermeasures. (Sandhu, 2012).
Not only do these simulations enrich users with practical wisdom, but they also offer
organizations critical knowledge related to their employees' susceptibility to phishing
incursions, as well as the performance of pre-installed training programs. Such intelligence
serves vital roles in tailoring and refining cybersecurity systems and instructional initiatives.
(Soin and Collier, 2013).
3.4.3 Top-Down Cyber-Aware Leadership
The capacity of leadership to play a key role in forming an aware attitude towards cyber
security should not be underestimated. It is leadership that sets the precedent
for an organization's stance on the matter, meaning that if leaders foreground its necessity and
demonstrate their staunch devotion towards the cause, this will instill its importance across the
entire organization. (Soin and Collier, 2013).
Leaders can prove this commitment by getting involved with cyber security instruction,
openly upholding programs associated with the topic, and incorporating conversations about
it into any strategic plans. Furthermore, they must ensure sufficient resources are delegated
towards cybersecurity procedures and make sure such considerations form part of any
business decision-making processes. (Soin and Collier, 2013; Tweneboah-Kodua et al.,
2018).
3.4.4 Ongoing Effort
Creating a culture of cyber-savviness is a perpetual undertaking. As cyber threats persist in
evolving, the organization's strategy toward cyber security must keep pace with suitable
amendments. This necessitates regular reviews and alterations of training programs,
continual reminders of cyber-cautious habits, and incessant monitoring and reevaluation of
the organization's cyber risk assessment. (Sandhu, 2012).
Altogether, promoting a cyber-astute atmosphere serves as a necessary cornerstone to an
enduring risk management approach. By assembling customary instructional courses,
imitation phishing initiatives, and leadership deeply immersed in cyber consciousness,
organizations can trust in an ecosystem where internet safety is everyone's due diligence,
and all personnel are trained to counter cyber perils. Given the persistent maturation of such
threats, the part of a cyber-alert climate in dealing with these hazards will only become more
definitive as time passes.
3.5 Future Scope of Risk Management Science
As cyberspace evolves, risk management must adapt to effectively manage emerging
threats. Both Artificial Intelligence (AI) and blockchain technology play central roles in this
evolution. (Soin and Collier, 2013).
By analyzing vast amounts of data for unusual patterns that indicate a cyber threat, AI
enhances risk identification and assessment. (Soin and Collier, 2013). This predictive
technology helps organizations detect and anticipate future threats based on real-time trends
and historical data. Moreover, it enables systems to automatically isolate affected networks
or IPs once a malicious attack is detected, thereby mitigating its impact. However, using AI
also introduces new risks like biased AI algorithms and the danger of adversarial attacks
designed to deceive such systems. (Sandhu, 2012).
Blockchain, famously known for supporting cryptocurrencies, offers potential benefits for
risk management. Blockchain's transparent and decentralized feature supports financial
transaction security by automating contractual obligations in a tamper-proof manner, which
reduces fraud risks. Additionally, it can improve data integrity and traceability, thus
managing operational risks and complying with regulatory requisites, among others. The
decentralized finance platforms built on blockchain technology led to more effective
methods of handling financial threats like decentralized insurance and tracking market
predictions. (Abercrombie et al., 2015).
However, similar to the risks associated with AI usage, using blockchain technology in risk
management has its potential downsides too, e.g., smart contract bugs, blockchain network
scalability, environmental impacts, and regulatory issues.
Certainly, continuous innovation through research investment and collaborations between
various stakeholders will be necessary to handle the evolving cyber threat landscape.
Furthermore, developing proactive and holistic approaches, focusing not only on technical
defenses but also on organizational and human factors would be critical components in risk
management strategies. (Sandhu, 2012).
4. Cybernomics: Financial Cybersecurity Risk Management and
the Financial Impact of Risks Associated with Cyber Activities
Rapid technological evolution, along with the evolution of the World Wide Web, has
entered our lives bringing gifts, but also hazards. Every organization uses the systems
provided by technology to optimize its services, increase its profits, access more
clientele and improve its organizational processes, amongst other aims. Moreover, most
individuals make use of the electronic services provided by organizations for their social
communications, for their financial activities, to be educated, to make purchases, to work,
etc.
All the above activities carry risks, since no system is 100% threat proof. The danger of
an organization’s system being hacked by criminals is lurking round the corner, as many
successful cyber-attacks prove. There is also the possibility of data breaches due to an
organization’s system failure, resulting in crucial data being compromised (Ali et al., 2021;
Collin & Juntti, 2016; Iosifidou, Livanis & Zournatzidou, 2019; Kamiya et al., 2018;
Kammoun et al., 2019; Li & Liu, 2021; McShane & Nguyen, 2020; Roškot, Wanasika, &
Kreckova Kroupova, 2021; Tayaksi et al., 2022; Tweneboah-Kodua, Atsu & Buchanan,
2018; “List of Data Breaches”, 2023).
The WannaCry and NotPetya ransomware incidents garnered significant attention and
inflicted substantial damage within the realm of cybercrime. The WannaCry attack in May
2017 had a significant impact on over 150 nations, while the NotPetya attack in June 2017
is believed to be the most severe cyber-attack to date, resulting in an estimated cost of US$10
billion. Cyber assaults against financial institutions, automated teller machine networks, and
card payment systems were carried out in a non-targeted manner. (Kaffenberger & Kopp,
2019).
In contemporary times, there has been a surge in ransomware attacks targeting businesses
across diverse sectors, irrespective of their scale of operations. During the latter half of 2020,
two prominent insurance companies in Spain were identified. One of the entities
experienced a severe attack that resulted in the incapacitation of 90% of its IT infrastructure,
whereas the other entity required almost six weeks to fully recover and resume operations.
(Kaffenberger & Kopp, 2019).
The financial industry has been a longstanding target of cybercriminals who are primarily
driven by monetary incentives, although not exclusively so. The financial sector has been
grappling with persistent cyber risks, such as phishing and banking malware, for a
considerable period of time. (Kaffenberger & Kopp, 2019).
Despite the inherent challenges associated with accurately quantifying the total expenses
incurred by cyber calamities, it is apparent that their impact on enterprises, industries, and
the broader community is noteworthy.
According to the analysis based on a study conducted across eleven countries and involving
355 enterprises, the financial impact of cyber-attacks on prominent companies in the
financial services industry had an average cost of $18.37 million, with banks following
closely at $17.84 million. According to estimates, companies operating in the insurance
industry incur an annual expenditure of $15.76 billion, whereas those in the capital markets
sector face expenses of $13.92 billion per year.
The frequency, intensity, and complexity of cyber-attacks targeting institutions are on the
rise. A significant increase of 160% was observed in the proportion of cyber-attacks that
were solely intended to inflict harm on financial institutions (67%) from 2018 to 2019,
which is a cause for concern. As per the responses of 79% of cybersecurity directors at the
leading financial institutions across the globe, it can be inferred that cybercrime has become
increasingly sophisticated. (Kaffenberger & Kopp, 2019).
Nonetheless, cyber incidents can transpire in the absence of any malicious threat actors. The
manifestation of this phenomenon occurred in April 2018, when the information technology
infrastructure of a British financial institution under the jurisdiction of Spanish ownership
underwent relocation. After a period of three years dedicated to planning and testing, the
bank successfully migrated its data and operations to a unified new IT platform. The
transfer of financial and customer data was accomplished; however, the new platform
experienced significant instability as a result of infrastructure and software issues. The
bank's digital and telephonic banking facilities, along with its physical branches,
experienced disruptions due to the aforementioned issues. (Kaffenberger & Kopp, 2019).
The Banco de España serves as the primary regulatory body in Spain, tasked with overseeing
the prudential supervision of credit institutions operating within the Single Supervisory
Mechanism, as well as other supervisory duties. As a central bank, its primary objective is
to facilitate the effective operation and stability of the Spanish financial system and national
payment systems, while ensuring that its actions do not interfere with the responsibilities of
the European Central Bank. The significance of cyber risk is increasingly pertinent to an
organization's operational capacity. Furthermore, it should be noted that Banco de España
has been appointed as the official national supervisory authority for financial establishments
in accordance with the recent transposition of the European Union's (EU) Directive
2016/1148 on the security of networks and information systems (NIS) into Spanish
legislation.
The research and focus on the resilience of the financial system in the event of a systemic
cyber catastrophe, as well as the potential impact of cyber risk on financial stability, are
currently expanding areas of interest. This chapter presents the issue of cyber risk from the
perspective of both the financial industry as a whole and individual institutions. The
potential influence of cyber risk on the stability of financial systems is substantiated and
reinforced through the implementation of models in the absence of historical precedent.
(Ros, 2020).
4.1 The Cyber Threat to Financial Institutions
In order to deliver their services, financial institutions rely heavily on data. The information
held by financial organizations is dependent on their IT infrastructure being stable and error-
free. These systems underpin the automated controls environment that guarantees data
integrity and are the backbone of all of their procedures and distribution channels. They also
usher in fresh possibilities for developing and enhancing established enterprises. (Goh et al.,
2020).
The expenses, investments, and intangible assets of an organization's information system
are not negligible. When these systems fail or the data becomes untrustworthy, the financial
system as a whole becomes more vulnerable. Therefore, they are easy prey for bad actors
and increase the danger to the institutions. (Kaffenberger & Kopp, 2019).
Intentional or unintentional, cyber-attacks and other events that jeopardize the security of
information systems and the data they carry are both instances of cyber occurrences. One
definition of cyber risk considers both the frequency and severity of cyber-attacks. (Goh et
al., 2020).
Cyber risk clearly involves information systems, but it also involves procedures and people,
so technology isn't the sole factor. Without qualified people and appropriate support
processes—including management systems, best practices, and governance frameworks—
it is impossible to implement and depend on technology while maintaining a sufficiently
guarded security posture. (Goh et al., 2020).
Cyber risk is distinct from other types of operational risk despite the fact that it is often
considered a subset of operational risk.
Vulnerabilities are weaknesses, susceptibilities, or defects, and they may be presented (and
often are) by cyber risk-related assets including people, processes, and technology. Cyber
risk takes the form of cyber events when these weaknesses are exploited.
Human actors with bad intentions are a major source of worry when it comes to cyber
danger. An organization's IT resources can be compromised by a variety of malicious actors,
including (i) hostile nation-states, whose capabilities are growing more sophisticated in
comparison to other actors, (ii) terrorist groups entering the cyber arena, (iii) cybercrime
organizations, which are generally interested in making profit through cyber-attacks, (iv)
hacktivists, who are motivated by political demands, (v) disgruntled employees, and (vi)
individual malicious intrusions.
The cyber threat landscape is always shifting. Therefore, it is not surprising that several
public and commercial entities regularly release cyber risk assessment reports to monitor
their development. These statistics indicate that the financial industry is among the most
vulnerable to these types of attacks. Various types of hostile threat actors have shown an
interest in financial institutions, and cyber threats against financial institutions fit a distinct
profile. (Goh et al., 2020).
Due to their intricate and interconnected supply networks, financial institutions provide a
great hunting ground for cybercriminals. Attackers have been targeting supply chains for
years, but in December 2020 a worldwide cyber-attack on an unprecedented scale, using
SolarWinds Orion IT software, was announced.
Traditional targeted attacks and fraud have relied heavily on compromised credentials and
identity theft. Financial institutions have been compelled to swiftly alter procedures to
permit huge and speedy telework deployment as a result of the COVID-19 pandemic. From
a technological standpoint, this has suggested a wider attack surface, which might lead to a
rise in vulnerabilities.
Traditional dangers to financial organizations now include data theft. Today's
cybercriminals often destroy data and damage systems in addition to stealing them. In the
latest round of cyber-attacks, information is not only copied but also destroyed or altered,
so naturally, this spreads suspicion. Cyber defenders and cyber adversaries alike are
experimenting with new methods of leveraging emerging technologies. On the other side,
threat actors are using deep fake technology to bolster the impact of their efforts. In this
context, efforts of disinformation and deception are of special significance. The NASDAQ,
the SEC, and FINRA are just a few of the organizations in the United States that have issued
warnings about potential increases in market manipulation in the aftermath of the COVID-
19 outbreak. (Eisenbach et al., 2020). Disinformation and misinformation are common
components of market manipulation, through which criminals hope to sway unsuspecting
investors and further their own ends. The market trust may be further eroded by the use of
extreme volatility by malicious actors. (Eisenbach et al., 2020).
It is crucial to remember that not all cyber incidents are the result of a malicious assault;
sometimes things like natural catastrophes that affect IT infrastructure or the carelessness
of authorized users may cause problems. In reality, improperly configured IT systems have
been the root cause of some of the most serious data breaches.
Cyber events may have a wider effect than many traditional shocks because of the highly
linked nature of information systems. Moreover, the advanced degree of automation in
information systems facilitates the quick propagation of cyber events, making human
intervention challenging. The potential for cyber risk to materialize and spread is higher
than that of other risks. (Goh et al., 2020).
Cyber events, whether they are the product of malicious assaults or not, may have serious
repercussions for a company's operations and profitability. Due to their reliance on IT,
financial institutions may struggle to carry out their economic duties in the event of a cyber
catastrophe. (Goh et al., 2020).
Last but not least, it is hard to completely secure and eliminate cyber risk for enterprises due
to the scope and complexity of their IT infrastructure. This suggests that cyber mishaps may
be more likely than not. In reality, financial institutions may suffer irreparable harm to their
capacity to function should a cyber event occur. (Goh et al., 2020).
4.2 The Cyber Threat to Financial Stability
Upon initial examination, it may appear that cyber risk does not present a threat to the overall
well-being of the financial industry. However, the interconnectivity of information networks that form
the foundation of the financial system may result in the propagation of cyber incidents to
unaffiliated firms. In a worst-case scenario, the repercussions of an incident
may extend beyond national borders and affect multiple industries. (Boer & Vázquez, 2017).
The difficulty in estimating the potential impact of cyber risk on financial stability arises
from the absence of prior cases to examine. Nonetheless, it is important to note that this
should not be construed as conclusive proof that cyber threats do not pose a risk to financial
security. (Kopp et al., 2017).
In 2017, the Office of Financial Research (OFR) in the United States issued a publication
entitled "Cybersecurity and Financial Stability: Risks and Resilience," which identified
three potential avenues through which cyber events could pose a threat to financial stability.
(Eisenbach et al., 2020). These include the absence of viable alternatives, erosion of
confidence, and compromise of data integrity. The financial system exhibits a deficiency in
substitutability through the implementation of a clearing house, while the technology sector
demonstrates a similar limitation through reliance on a primary cloud service provider.
(Boer & Vázquez, 2017).
In its 2020 report, the European Systemic Risk Board (ESRB) elaborated on the potential
ramifications of a cyber incident on financial stability. Additionally, the ESRB identified
the specific attributes of the financial system that render it vulnerable to cyber risk. The
aforementioned factors encompass the intricate interconnectivity of the system, the absence
of a distinct comprehension of said interconnections, the system's heavy dependence on
data, and the significance of confidence.
The level of interdependence is significant not only among internal components, such as
financial institutions or market infrastructures, but also between these internal components
and external entities, such as software or communication service providers. The
interconnectivity of various segments within the financial system renders it susceptible to
the propagation of cyber-attacks across seemingly disparate domains. (Kopp et al., 2017).
The degree of interconnectivity and dependence among links within and among components
of the financial system, both endogenous and exogenous, is poorly understood.
This makes it harder to understand how an impact on a
particular service provider could trigger ripple effects throughout the entire
financial system. (Boer & Vázquez, 2017).
The significance of data to the operation of the system is such that any violation of its
confidentiality, accuracy, or availability (the three primary areas of concern in information
security) could potentially result in significant consequences. The complete cessation of a
market may occur due to factors such as the unavailability or distortion of trading prices.
(Kopp et al., 2017).
The establishment of confidence in the financial system is a process that spans several years,
yet its erosion can occur expeditiously in the event of a crisis. The potential ramifications
of cyber crises and the associated ambiguity can extend widely throughout the system. In
the event of a cyber-attack compromising account balance data at a financial institution,
even if only temporarily, the confidence of customers in the institution would be negatively
impacted. (Boer & Vázquez, 2017).
The Financial Stability Board (FSB) has established a set of three criteria, namely size,
substitutability, and interconnectivity, which can be utilized to assess the potential impact
of a single component on the entire system, in both financial and technological domains.
Size is a discernible criterion, as a cyber-incident that occurs in a segment of the system that
constitutes a significant proportion of the whole can result in extensive ramifications. (Kopp
et al., 2017).
Several indispensable components of the financial system, such as critical financial market
infrastructures (e.g., clearing and payment systems), exhibit a high degree of
irreplaceability, thereby creating potential points of failure. A cyber-incident that affects any
of these components is more probable to result in significant ramifications for the entire
system. (Boer & Vázquez, 2017).
The level of interconnectivity among various components of the financial system is a crucial
variable to factor in while assessing the probability of propagation of a cyber event. The
employment of information technology has led to a substantial increase in the level of
technological and financial interconnectedness among various components of the financial
system, as well as between these components and external entities. (Kopp et al., 2017).
The amalgamation of the cyber risk characteristics outlined in this article with those of the
financial system elucidates the potential for the manifestation of cyber risk to have extensive
ramifications. Notwithstanding the significant impact and extensive scope of a cyber-
incident, it does not necessarily imply that financial stability is at risk.
Further research is necessary to establish a correlation between the aforementioned factors,
as no prior instances of financial instability resulting from cyber incidents have been
documented. The comprehension of the potential impact of cyber risk on financial stability
can be enhanced by employing a combination of qualitative and quantitative methodologies.
(Kopp et al., 2017).
Quantitative models can be utilized to estimate cyber risk; however, their reliability is
contingent upon the availability of a substantial volume of historical data. The quantitative
impact of cybercrime was analyzed by the Federal Reserve Bank of New York (FRBNY) in
a recent publication. (Ros, 2020). This research provides a substantial contribution to the
existing literature by extensively delineating the economic ramifications of a cyber-attack
on the wholesale payments network in the United States. (Eisenbach et al., 2020).
The paper draws a conclusion from the wholesale payment statistics of 2018 that in the event
of a cyber-attack targeting any of the top five US banks, approximately 38% of the payment
network would be rendered inoperative, on average. In the event of a cyber incident
occurring on a day with higher payment volumes, the resulting economic impact could
potentially reach up to 2.7 times the daily Gross Domestic Product (GDP) of the United
States. (Eisenbach et al., 2020).
The presented model offers practical cost approximations to demonstrate the potential
detrimental effects on financial stability that may arise from a cyber-incident with
widespread ramifications. Nonetheless, the aforementioned analysis fails to scrutinize the
mechanisms that facilitate the escalation of a cyber incident and its consequential impact on
the targeted infrastructure. (Ros, 2020).
Conversely, the utilization of qualitative methodologies facilitates comprehension of the
underlying mechanisms and contextual factors involved in the manifestation of cyber risk,
as well as how these factors may intensify the adverse effects of the risk to the extent that
they compromise the stability of financial systems. The analysis of each step of the process
and the interplay of different elements during the amplification of a cyber-incident can
facilitate the identification of system vulnerabilities that are relevant to cyber security, as
opposed to those at the level of a single institution. Additionally, potential mitigants can be
identified that may help prevent financial stability issues that may arise from a cyber-
incident. (Boer & Vázquez, 2017).
The potential interaction between cyber risk and the financial system poses a threat to
financial stability. However, a conceptual model is deemed the most effective approach to
examine these possible consequences. The ESRB has developed a conceptual model to
examine the evolution of consequences resulting from cyber events while considering the
three contagion channels of operational, confidence, and financial impacts. (Ros, 2020).
The FSB's methodology for analyzing the macro-financial implications of operational and
cyber risks involves a four-stage breakdown of the progression of a cyber-incident. These
stages include the initial background, the first shock, the amplification, and the systemic
event.
The contextual phase involves an examination of the possible origins of cyber incidents and
a comprehensive delineation of the circumstances that could lead to the occurrence of such
an event. This analysis considers various factors, including the financial and non-financial
assets, the organization's capacity to manage cyber risk, and the initial circumstances (such
as a single institution being affected by an incident, multiple financial institutions being
impacted simultaneously, or through the supply chain). Additionally, the threat
classification of the risks that have materialized (such as location, motivation, and agent) is
also considered. (Kopp et al., 2017).
The initial ramifications of a cyber-attack are assessed during the preliminary phase
commonly referred to as the "shock" stage. At this juncture, the likelihood of the shock is
disregarded, and the focus is shifted towards scrutinizing the technological and commercial
ramifications of the loss of one or more of the aforementioned cyber security attributes,
namely confidentiality, integrity, and availability, consequent to the cyber event. (Kopp et
al., 2017).
The amplification stage encompasses two distinct concepts: amplifiers, which can augment
the impact or likelihood of the shock, and contagion channels, which can propagate the
shock through various means such as confidence, finances, and operations. Amplifiers can
be further classified into system amplifiers and cyber-specific amplifiers. The
aforementioned concepts are employed to examine the propagation of the primary
disturbance and the interdependencies among the affected financial entities' frameworks.
(Boer & Vázquez, 2017).
The final stage of the model, referred to as the "systemic event phase," involves the
evaluation of the point at which a cyber-incident attains systemic status, indicating that the
system is no longer capable of withstanding the attack's effects. (Ros, 2020). The
determination of a maximum impact tolerance threshold for the financial system, which
refers to the level of effect that would result in the system's collapse, is a crucial
consideration. (Ros, 2020). Additionally, the model sets a minimum threshold of effect
below which no institution, service, or economic function should operate. The disparity
between the two metrics reflects the system's capacity for absorption, or its ability to
withstand disturbances. (Boer & Vázquez, 2017; Ros, 2020).
The model described above has the potential to simulate the impact of a cyber-attack on the
financial industry, utilizing a scenario devised by the ESRB. The given scenario postulates
a cyber assault on a major financial institution's account data and payment software, leading
to the loss or corruption of data that holds monetary worth, such as account balances. (Ros,
2020).
The application of ESRB's conceptual model to this particular scenario reveals the presence
of several mitigating factors that have the potential to reduce the gravity of the incident.
Both financial transactions and interpersonal trust are significant vectors of contagion in this
instance. (Ros, 2020). The presence of ambiguity surrounding a particular matter and its
resolution can lead to a decline in confidence not only among the general populace, but also
among other stakeholders and regulatory bodies, which can subsequently extend to the
patrons of all establishments. Concurrently, the financial ramifications of the bank's actions
are also experienced by its counterparties, resulting in challenges with maintaining adequate
levels of liquidity. (Kopp et al., 2017).
4.3 The Regulatory Framework of the European Union for Cyber Risk
Regulatory bodies have long prioritized the implementation of measures aimed at mitigating
cyber risks. During the past decade, supervisory best practices and tools have primarily
focused on the soundness of single institutions. Moreover, regulatory frameworks have been
established to facilitate the identification, evaluation, and mitigation of cyber risks,
alongside equipping financial institutions to respond to cyber incidents. (Crisanto & Prenio,
2017).
The approach of European regulators towards cyber risk has been fragmented in the past,
wherein IT-related provisions have been incorporated into diverse sectoral regulations. For
instance, the Payment Services Directive (PSD2) encompasses provisions on cyber risk, but
its ambit is limited to payment service providers. (Crisanto & Prenio, 2017).
The NIS Directive, GDPR, and PSD2 are among the most significant European regulations
pertaining to the financial system, as they establish obligations aimed at improving
cybersecurity.
The NIS Directive (NISD) represents the inaugural EU-wide legislation pertaining to cyber
security. The objective is to enhance the security of the digital service providers'
infrastructure and the operators of critical services, encompassing significant financial
institutions. (Crisanto & Prenio, 2017). The objective of this initiative is to enhance the
cyber security capabilities of the nation and promote more efficient cooperation in the
context of responding to cyber events. Consequently, the implementation of a centralized
information sharing and analysis resource, along with national competent authorities and a
single point of contact for cybersecurity, is deemed necessary. (Crisanto & Prenio, 2017).
The General Data Protection Regulation (GDPR) was introduced in May 2018, marking a
significant milestone in the safeguarding of personal data. The regulation introduced
pioneering measures aimed at enhancing the protection of personal information. In the event
that a financial institution engages in marketing activities, data collection, or service
provision to individuals residing within the European Union, it is obligated to adhere to this
regulation. The General Data Protection Regulation (GDPR) stipulates that "appropriate
technological and organizational measures" must be employed to guarantee the security of
personal data. Non-compliance with this regulation may result in penalties of up to four
percent of the violator's global revenue. (Crisanto & Prenio, 2017).
The Spanish legislative framework incorporated the revised Payment Services Directive
(PSD2) in November 2018. The aforementioned modification was implemented with the
aim of enhancing the security of monetary transactions and safeguarding personal data,
while simultaneously fostering novel modes of ingenuity and rivalry within the payments
industry of Europe. The regulation in question incorporates various technical cyber security
requisites, such as robust customer authentication and monitoring of transactions and
devices. However, it also expands the potential avenues of attack for institutions, as it
mandates the establishment of an external access interface to payment accounts for third-