Cybersecurity hazards and financial system vulnerability: a synthesis of literature
Abstract
In this paper, we provide a systematic review of the growing body of literature exploring issues related to the pervasive effects of cybersecurity risk on the financial system. As cybersecurity risk has emerged as a significant threat to the financial sector, researchers and analysts are trying to understand this problem from different perspectives. There are plenty of documents providing conceptual discussions, technical analysis, and survey results, but empirical studies based on real data remain limited. In addition, international and national regulatory bodies suggest guidelines to help banks and financial institutions manage cyber risk exposure. In this paper, we synthesize relevant articles and policy documents on cybersecurity risk, focusing on the dimensions that bear on the banking system’s vulnerability. Finally, we propose five new research avenues for consideration that may enhance our knowledge of cybersecurity risk and help practitioners develop a better cyber risk management framework.
Tài liệu tham khảo
Abraham, S., and P.J. Shrives. 2014. Improving the relevance of risk factor disclosure in corporate annual reports. The British accounting review 46 (1): 91–107.
ACSS. 2016. Australia’s cyber security strategy. Commonwealth of Australia, Department of the Prime Minister and Cabinet. https://cybersecuritystrategy.homeaffairs.gov.au/.
Ahmad, N., and P. Schreyer. 2016. Measuring GDP in a digitalised economy. Paris: OECD Publishing. https://doi.org/10.1787/18152031.
AIG. 2016. December. Is cyber risk systemic? New York: American International Group. https://www.aig.com/content/dam/aig/america-canada/us/documents/business/cyber/aig-cyber-risk-systemic-final.pdf.
Akhawe, D., A. Barth, P.E. Lam, J. Mitchell, and D. Song. 2010. Towards a formal foundation of web security. In 2010 23rd IEEE computer security foundations symposium, 290–304. IEEE.
Akhisar, İ., K.B. Tunay, and N. Tunay. 2015. The effects of innovations on bank performance: The case of electronic banking services. Procedia—Social and Behavioral Sciences 195: 369–375.
Aldasoro, I., L. Gambacorta, P. Giudici, and T. Leach. 2020a. Operational and cyber risks in the financial sector. BIS Working Paper No. 840. Basel, Switzerland: Bank for International Settlements.
Aldasoro, I., L. Gambacorta, P. Giudici, and T. Leach. 2020b. The drivers of cyber risk. BIS Working Paper No. 865. Basel, Switzerland: Bank for International Settlements.
Alex Johnson. 2018, May 9. Equifax breaks down just how bad last year’s data breach was. NBC News. https://www.nbcnews.com/news/us-news/equifax-breaks-down-just-how-bad-last-year-s-data-n872496.
Allen, F., and D. Gale. 2004. Competition and financial stability. Journal of Money, Credit and Banking 36 (3): 453–480.
Almansi, A.A. 2018. Financial sector’s cybersecurity: Regulations and supervision. Washington, United States of America: World Bank Group.
Almansi, A.A., Y.C. Lee, and J. Lincoln. 2017. Financial sector’s cybersecurity: A regulatory digest. World Bank. Washington: Financial Sector Advisory Center.
Ames, M., T. Schuermann, and H.S. Scott. 2015. Bank capital for operational risk: A tale of fragility and instability. Journal of Risk Management in Financial Institutions 8 (3): 227–243.
Antonescua, M., and R. Birău. 2015. Financial and non-financial implications of cybercrimes in emerging countries. Procedia Economics and Finance 32: 618–621.
Arner, D.W., J. Barberis, and R.P. Buckley. 2016. FinTech, RegTech, and the reconceptualization of financial regulation. Northwestern Journal of International Law & Business 37 (3).
Aseef, N., P. Davis, M. Mittal, K. Sedky, and A. Tolba. 2005. Cyber-criminal activity and analysis. Washington Education: White paper.
Ashford, W. 2019, July 31. Financial services top cyber attack target. Computer Weekly. https://www.computerweekly.com.
Aziz, A.S., M.A. Salama, A.E. Hassanien, and S.E.O. Hanaf. 2012. Artificial immune system inspired intrusion detection system using genetic algorithm. Informatica 36: 347–357.
Banker, R.D., R.J. Kauffman, and R.C. Morey. 1990. Measuring gains in operational efficiency from information technology: A study of the Positran deployment at Hardee’s Inc. Journal of Management Information Systems 7 (2): 29–54.
Barrett, M., E. Davidson, J. Prabhu, and S.L. Vargo. 2015. Service innovation in the digital age: Key contributions and future directions. MIS quarterly 39 (1): 135–154.
Barthelemy, J. 2001. The hidden costs of IT outsourcing: Lessons from 50 IT-outsourcing efforts show that unforeseen costs can undercut anticipated benefits. Understanding the issues can lead to better outsourcing decisions. MIT Sloan Management Review 42 (3): 60–72.
BDO. 2017. Cyber security in banking industry. India: BDO.
Beccalli, E. 2007. Does IT investment improve bank performance? Evidence from Europe. Journal of Banking & Finance 31 (7): 2205–2230.
Beitollahi, H., and G. Deconinck. 2012. Analyzing well-known countermeasures against distributed denial of service attacks. Computer Communications 35 (11): 1312–1332.
Benaroch, M., A. Chernobai, and J. Goldstein. 2012. An internal control perspective on the market value consequences of IT operational risk events. International Journal of Accounting Information Systems 13: 357–381.
Berger, A.N., and R.D. Young. 1997. Problem loans and cost efficiency in commercial banks. Journal of Banking & Finance 21 (6): 849–870.
Berkman, H., J. Jona, G. Lee, and N. Soderstrom. 2018. Cybersecurity awareness and market valuations. Journal of Accounting and Public Policy 37 (6): 508–526.
Bernik, I. 2014. Cybercrime: The cost of investments into protection. Journal of Criminal Justice and Security 16 (2): 105–116.
Biener, C., M. Eling, and J.H. Wirfs. 2015. Insurability of cyber risk: An empirical analysis. The Geneva Papers on Risk and Insurance-Issues and Practice 40 (1): 131–158.
BIS. 2004. Consolidated KYC risk management. Basel Committee on Banking Supervision. https://www.bis.org/publ/bcbs110.pdf.
BIS. 2013. The road to a more resilient banking sector. BIS. https://www.bis.org/publ/arpdf/ar2013e.htm.
BIS. 2016, June. Bank for international settlements. www.bis.org. https://www.bis.org/cpmi/publ/d146.pdf.
Boer, M., and J. Vazquez. 2017. Cyber security & financial stability: How cyber-attacks could materially impact the global financial system. Washington: The Institute of International Finance.
Böhme, R. 2010. Security Metrics and Security Investment Models. In Advances in information and computer security, ed. I. Echizen, N. Kunihiro, and R. Sasaki, 10–24. Berlin: Springer.
Böhme, R. 2012, February. Security audits revisited. in International conference on financial cryptography and data security, 129–147. Berlin: Springer.
Boin, A., and A. McConnell. 2007. Preparing for critical infrastructure breakdowns: The limits of crisis management and the need for resilience. Journal of Contingencies and Crisis Management 15 (1): 50–59.
Bouveret, A. 2018. Cyber risk for the financial sector: A framework for quantitative assessment. IMF Working Paper No. WP/18/143. International Monetary Fund.
Bouveret, A. 2019a. Cyber risk for the financial services sector. Journal of Financial Transformation 49.
Bouveret, A. 2019b. Estimation of losses due to cyber risk for financial institutions. Journal of Operational Risk, Forthcoming.
Brechbuhl, H., R. Bruce, S. Dynes, and M.E. Johnson. 2010. Protecting critical information infrastructure: Developing cybersecurity policy. Information Technology for Development 16 (1): 83–91.
Brown, C.S. 2015. Investigating and prosecuting cyber crime: Forensic dependencies and barriers to justice. International Journal of Cyber Criminology 9 (01): 55–119. https://doi.org/10.5281/zenodo.22387.
Burden, K., and C. Palmer. 2003. Internet crime: Cyber crime—A new breed of criminal? Computer Law & Security Review 19 (3): 222–227.
Cabinet Decision. 2015. Cybersecurity strategy. The Government of Japan. https://www.nisc.go.jp/eng/pdf/cs-strategy-en.pdf.
Carey, M., and R.M. Stulz. 2008. The risks of financial institutions. Journal of Contingencies and Crisis Management 16 (1): 65–66. https://doi.org/10.1111/j.1468-5973.2008.00532_2.x.
CarlColwill, 2009. Human factors in information security: The insider threat—Who can you trust these days? Information Security Technical Report 14 (4): 186–196.
Caron, F. 2015. Cyber risk management in financial market infrastructures: Elements for a holistic and risk-based approach to cyber security. Belgium: National Bank of Belgium. https://lirias.kuleuven.be/1834699?limo=0.
Carter, W.A., and D.E. Zheng. 2015. The evolution of cybersecurity requirements for the U.S. financial industry. USA: Center for Strategic and International Studies.
Caruana, J. 2009, February. Lessons of the financial crisis for future regulation of financial institutions and markets and for liquidity management. Washington, DC: IMF.
Casu, B., A. Ferrari, C. Girardone, and J.O. Wilson. 2016. Integration, productivity and technological spillovers: Evidence for eurozone banking industries. European Journal of Operational Research 255 (3): 971–983.
Cavusoglu, H., S. Raghunathan, and W. Yue. 2008. Decision-theoretic and game-theoretic approaches to IT security investment. Journal of Management Information Systems 25 (2): 281–304.
Cebula, J.J., and L.R. Young. 2010. A taxonomy of operational cyber. Carnegie-Mellon Univ Pittsburgh PA Software Engineering Inst.
Cetorelli, N., B. Hirtle, D. Morgan, S. Peristiani, and A.J. Santos. 2007. Trends in financial market concentration and their implications for market stability. Federal Reserve Bank of New York Policy Review 33–51.
Chauhan, Y., and S.B. Kumar. 2018. Do investors value the nonfinancial disclosure in emerging markets? Emerging Markets Review 37: 32–46.
Cherdantseva, Y., P. Burnap, A. Blyth, P. Eden, K. Jones, H. Soulsby, and K. Stoddart. 2016. A review of cyber security risk assessment methods for SCADA systems. Computers & Security 56: 1–27.
Choo, K.-K.R. 2011. The cyber threat landscape: Challenges and future research directions. Computers & Security 33 (8): 719–731.
Choo, K.-K.R., R.G. Smith, and R. McCusker. 2007. Future directions in technology-enabled crime: 2007–09. Canberra: Australian Institute of Criminology.
Chowdhury, A. 2003. Information technology and productivity payoff in the banking industry: Evidence from the emerging markets. Journal of International Development 15 (6): 693–708.
Clare Sullivan, E.B. 2017. “In the public interest”: The privacy implications of international business-to-business sharing of cyber-threat intelligence. Computer Law & Security Review 33: 14–29.
Committee on Payments and Market Infrastructures. 2016. Guidance on cyber resilience for financial market infrastructures. Bank for International Settlements. https://www.bis.org/cpmi/publ/d146.pdf.
Crisanto, J.C., and J. Prenio. 2017, August. Regulatory approaches to enhance banks’ cyber-security frameworks. Bank for International Settlements. https://www.bis.org/fsi/publ/insights2.pdf.
Das, S., A. Mukhopadhyay, and M. Anand. 2012. Stock market response to information security breach: A study using firm and attack characteristics. Journal of Information Privacy and Security 8 (4): 27–55.
Deloitte. 2014. Transforming cybersecurity in the Financial Services Industry. Deloitte. https://www2.deloitte.com/content/dam/Deloitte/za/Documents/risk/ZA_Transforming_Cybersecurity_05122014.pdf.
Demirgüç-Kunt, A., L. Klapper, D. Singer, S. Ansar, and J. Hess. 2018. The global findex database 2017: Measuring financial inclusion and the Fintech revolution. The World Bank.
Derek Young, J.L. 2016. A framework for incorporating insurance in critical infrastructure cyber risk strategies. International Journal of Critical Infrastructure Protection 14: 43–57.
Diamond, D.W., and P.H. Dybvig. 1983. Bank runs, deposit insurance, and liquidity. Journal of Political Economy 91 (3): 401–419.
Diamond, D.W., and P.H. Dybvig. 1986. Banking theory, deposit insurance, and bank regulation. The Journal of Business 59 (1): 55–68.
Donge, Z., F. Luo, and G. Liang. 2018. Blockchain: A secure, decentralized, trusted cyber infrastructure solution for future energy systems. Journal of Modern Power Systems and Clean Energy 1–10.
Duffie, D., and J. Younger. 2019. Cyber runs. Hutchins Center Working Paper #51. Washington, DC: The Hutchins Center on Fiscal & Monetary Policy, Brookings Institution.
Dufwenberg, M., and M.A. Dufwenberg. 2018. Lies in disguise—A theoretical analysis of cheating. Journal of Economic Theory 175: 248–264.
Duncan, N.B. 1995. Capturing flexibility of information technology infrastructure: A study of resource characteristics and their measure. Journal of Management Information Systems 12 (2): 37–57.
Duran, R.E., & P. Griffin. 2019. Smart contracts: Will Fintech be the catalyst for the next global financial crisis? Journal of Financial Regulation and Compliance (in press)
Dutta, A., and K. McCrohan. 2002. Management’s role in information security in a cyber economy. California Management Review. https://doi.org/10.2307/41166154.
Eling, M., and M. Lehmann. 2018. The impact of digitalization on the insurance value chain and the insurability of risks. The Geneva Papers on Risk and Insurance-Issues and Practice 43 (3): 359–396.
Eling, M., and J. Wirfs. 2019. What are the actual costs of cyber risk events? European Journal of Operational Research 272 (3): 1109–1119.
Embrechts, P., H. Furrer, and R. Kauffman. 2003. Quantifying regulatory capital for operational risk. Derivatives Use, Trading and Regulation 9 (3): 217–233.
EU. 2018, May. The Directive on security of network and information systems (NIS Directive). https://ec.europa.eu/digital-single-market/en/network-and-information-security-nis-directive.
Euromoney. 2017, August 1. Technology investments drive up banks’ costs. Euromoney Magazine. London.
Fed. 2017, September. Federal reserve policy on payment system risk. Washington: Federal Reserve System.
Federal Office for Information Security. 2017. The state of IT security in Germany 2017. FOIS.
Fitch. 2017, April. Cybersecurity an increasing focus for financial institutions. https://www.fitchratings.com/site/pr/1022468.
Francis, L., and V.R. Prevosto. 2010. Data and disaster: The role of data in the financial crisis. In casualty actuarial society e-forum, 62. New York: Springer.
Garg, A., J. Curtis, and H. Halper. 2003. The financial impact of IT security breaches: What do investors think? Information Systems Security 12 (1): 22–33.
Gatzlaff, K.M., and K.A. McCullough. 2010. The effect of data breaches on shareholder wealth. Risk Management and Insurance Review 13 (1): 61–83.
Gelenbe, E., and G. Loukas. 2007. A self-aware approach to denial of service defence. Computer Networks 51: 1299–1314.
Germano, J.H. 2014. Cybersecurity partnerships: A new era of public-private collaboration. New York: New York University School of Law.
Geyres, S., and M. Orozco. 2016. Think banking cybersecurity is just a technology issue? Think again. Accenture strategy. https://www.accenture.com/t20160419t004021__w__/us-en/_acnmedia/pdf-13/accenture-strategy-cybersecurity-in-banking.pdf.
Gladstone, R. 2016, March 15. Bangladesh Bank chief resigns after cyber theft of $81 million. The New York Times.
Glaessner, T., T. Kellermann, and V. McNevin. 2002. Electronic security: Risk mitigation in financial transactions—Public policy issues. The World Bank.
Goel, S., and H.A. Shawky. 2009. Estimating the market impact of security breach announcements on firm values. Information & Management 46 (7): 404–410.
Goldman, D. 2012, September 28. Major banks hit with biggest cyberattacks in history. CNN Business. Altanta.
Gommans, L., J. Vollbrecht, B.G.-D. Bruijn, and C.D. Laat. 2015. The service provider group framework a framework for arranging trust and power to facilitate authorization of network services. Future Generation Computer Systems 45: 176–192.
Goodman, S.E., and R. Ramer. 2007. Identify and mitigate the risks of global IT outsourcing. Journal of Global Information Technology Management 10 (4): 1–6.
Gopalakrishnan, R., and M. Mogato. 2016, May 19. Bangladesh Bank official’s computer was hacked to carry out $81 million heist: Diplomat. Reuters: Business News. Thomson Reuters.
Gordon, L.A., and M.P. Loeb. 2002a. The economics of information security investment. ACM Transactions on Information and Systems Security 5 (4): 438–457.
Gordon, L.A., and M.P. Loeb. 2002b. Return on information security investments, myths vs realities. Strategic Finance 84 (5): 26–31.
Gordon, L.A., M.P. Loeb, W. Lucyshyn, and T. Sohail. 2006. The impact of the Sarbanes-Oxley Act on the corporate disclosures of information security activities. Journal of Accounting and Public Policy 25 (5): 503–530.
Gracie, A. 2015. Cyber resilience: A financial stability perspective. Cyber defence and network security conference. London. https://www.bankofengland.co.uk/speech/2015/cyber-resilience-a-financial-stability-perspective.
Granåsen, M., and D. Andersson. 2016. Measuring team effectiveness in cyber-defense exercises: A cross-disciplinary case study. Cognition, Technology & Work 18 (1): 121–143.
Gupta, U.G., and A. Gupta. 2007. Outsourcing the is function: Is it necessary for your organization? Information Systems Management 9 (3): 44–47.
Gutu, L.M. 2014. The impact of Internet technology on the Romanian banks performance. In Proceedings of international academic conferences (No. 0702397). International Institute of Social and Economic Sciences.
Hall, C., R.J. Anderson, R. Clayton, E. Ouzounis, and P. Trimintzios. 2013. Resilience of the internet interconnection ecosystem. Economics of Information Security and Privacy III: 119–148.
Heeks, R. 2002. Information systems and developing countries: Failure, success, and local improvisations. The Information Society 18: 101–112.
Hemphill, T.A., and P. Longstreet. 2016. Financial data breaches in the U.S. retail economy: Restoring. Technology in Society 44: 30–38.
Herath, T., and H.R. Rao. 2009. Encouraging information security behaviors in organizations: Role of penalties, pressures and perceived effectiveness. Decision Support System 47 (02): 154–165.
HKMA. 2016. Enhanced competency framework on cybersecurity. Hong Kong: Hong Kong Monetary Authority. https://www.hkma.gov.hk/media/eng/doc/key-information/guidelines-and-circular/2016/20161219e1.pdf.
Ho, S.J., and S.K. Mallick. 2010. The impact of information technology on the banking industry. Journal of the Operational Research Society 61 (2): 211–221.
Holt, T.J., and E. Lampke. 2010. Exploring stolen data markets online: Products and market forces. Criminal Justice Studies 23 (1): 33–50.
Hon, W.K., and C. Millard. 2018. Banking in the cloud: Part 1—Banks’ use of cloud services. Computer Law & Security Review 34: 4–24.
Horne, R. 2014. The cyber threat to banking. PWC. https://www.bba.org.uk/wp-content/uploads/2014/06/BBAJ2110_Cyber_report_May_2014_WEB.pdf.
Hovav, A., and J. D’Arcy. 2004. The impact of virus attack announcements on the market value of firms. Information Systems Security 13 (3): 32–40.
Hsu, A.W.-H., H. Pourjalali, and Y.-J. Song. 2018. Fair value disclosures and crash risk. Journal of Contemporary Accounting & Economics 14 (3): 358–372.
Humayun, M., N. J. Mahmood Niazi, M. Alshayeb, and S. Mahmood. 2020. Cyber security threats and vulnerabilities: A systematic mapping study. Arabian Journal for Science and Engineering 1–19.
Hyytinen, A., and T. Takalo. 2002. Enhancing bank transparency: A re-assessment. Review of Finance 6 (3): 429–445.
IDSA. 2012. India’s cyber security challenge. New Delhi: Institute for Defence Studies and Analyses. https://idsa.in/system/files/book/book_indiacybersecurity.pdf.
IOSC. 2016. Cyber security in securities markets—An international perspective. International Organization of Securities Commissions. https://www.iosco.org/library/pubdocs/pdf/IOSCOPD528.pdf.
Ismail, N. 2018. The financial impact of data breaches is just the beginning. www.information-age.com. https://www.information-age.com/data-breaches-financial-impact-123470254/.
ITU. 2012a. Cyberwellness profile hong kong. Hong Kong: ITU. https://www.itu.int/dms_pub/itu-d/opb/str/D-STR-SECU-2015-PDF-E.pdf.
ITU. 2012b. Cyberwellness profile poland. Poland: ITU. https://www.itu.int/en/ITU-D/Cybersecurity/Documents/Country_Profiles/Poland.pdf.
ITU. 2013. Cyberwellness profile Hungary. Hungary: ITU. https://www.itu.int/en/ITU-D/Cybersecurity/Documents/Country_Profiles/Hungary.pdf.
ITU Slovakia. 2012. Cyberwellness profile slovakia. ITU. https://www.itu.int/en/ITU-D/Cybersecurity/Documents/Country_Profiles/Slovakia.pdf.
Javaid, M.A. 2013. Cyber security: Challenges ahead. Available SSRN 2339594. http://nexusacademicpublishers.com/uploads/portals/Cyber_Security_Challenged_Ahead.pdf.
Jayawardhena, C., and P. Foley. 2000. Changes in the banking sector—The case of Internet banking in the UK. Internet Research 10 (1): 19–31.
Johnson, K.N. 2015. Managing cyber risk. Georgia Law Review 50 (2): 548–592.
Jordan, J.S., J. Peek, and E.S. Rosengren. 2000. The market reaction to the disclosure of supervisory actions: Implications for bank transparency. Journal of Financial Intermediation 9 (3): 298–319.
Juma’h, A.H., and Y. Alnsour. 2020. The effect of data breaches on company performance. International Journal of Accounting & Information Management 28 (2): 275–301.
Kamiya, S., KangJun-Koo, K. Jungmin, A. Milidonis, and R. M. Stulz. 2020. Risk management, firm reputation, and the impact of successful cyberattacks on target firms. Journal of Financial Economics
Kark, K., A. Shaikh, and C. Brown. 2017, November 28. Technology budgets: From value preservation to value creation. Deloitte Insight. London.
Kauffman, R.J., J. Liu, and D. Ma. 2015. Technology investment decision-making under uncertainty. Information Technology and Management 16 (2): 153–172.
Kayworth, T., and D. Whitten. 2012. Effective information security requires a balance of social and technology factors. MIS Quarterly Executive 9(3).
Kesswani, N., and S. Kumar. 2015. Maintaining cyber security: Implications, cost and returns. Proceedings of the 2015 ACM SIGMIS Conference on Computers and People Research. New York: Association for Computer Machinery, 161–164.
Khoury, S., and E. Rolland. 2006. Conceptual model for explaining the IT investment paradox in the banking sector. International Journal of Technology, Policy and Management 6 (3): 309–326.
King, R.G., and R. Levine. 1993. Finance, entrepreneurship, and growth. Journal of Monetary Economics 3 (32): 513–542.
Ko, M., and C. Dorantes. 2006. The impact of information security breaches on financial performance of the breached firms: An empirical investigation. Journal of Information Technology Management 17 (2): 13–22.
Koette, M., and T. Poghosyan. 2009. The identification of technology regimes in banking: Implications for the market power-fragility nexus. Journal of Banking & Finance 33 (8): 1413–1422.
Kopp, E., L. Kaffenberger, and C. Wilson. 2017. Cyber risk, market failures, and financial stability, working paper. International Monetary Fund (WP/17/185).
Kox, H. L. 2013. Cybersecurity in the perspective of Internet traffic growth. Working paper. CPB Netherlands Bureau for Economic Policy Analysis. https://mpra.ub.uni-muenchen.de/47994/.
Kröger, W. 2008. Critical infrastructures at risk: A need for a new conceptual approach and extended analytical tools. Reliability Engineering & System Safety 93 (12): 1781–1787.
Kunreuther, H., and G. Heal. 2003. Interdependent security. Journal of Risk and Uncertainty 26 (2–3): 231–249.
Kwast, M.L., and J.T. Rose. 1982. Pricing, operating efficiency, and profitability among large commercial banks. Journal of Banking & Finance 6 (2): 233–254.
Lagazio, M., N. Sherif, and A.M. Cushman. 2014. A multi-level approach to understanding the impact of cyber crime on the financial sector. Computers & Security 45: 58–74.
Lages, L.F. 2016. VCW-value creation wheel: Innovation, technology, business, and society. Journal of Business Research 69: 4849–4855.
Langton, J. 2018, June 4. Data breaches credit negative for BMO and CIBC: Moody’s. www.investmentexecutive.com: https://www.investmentexecutive.com/news/industry-news/data-breaches-credit-negative-for-bmo-and-cibc-moodys/.
Lee, D., and S. Mithas. 2014. IT investments, alignment and firm performance: Evidence from an emerging economy. ICIS Conference Proceedings. Association for Information Systems. https://aisel.aisnet.org/icis2014/proceedings/ISStrategy/29/.
Lever, K.E., and K. Kifayat. 2020. Identifying and mitigating security risks for secure and robust NGI networks. Sustainable Cities and Society 59: 102098.
Levine, R.G. 1993. Finance and growth: Schumpeter might be right. The Quarterly Journal of Economics 108 (3): 717–737.
Lewis, J.A. 2002. Assessing the risks of cyber terrorism, cyber war and other cyber threats. Washington, DC: Center for Strategic & International Studies.
Lewis, J., and S. Baker. 2013. The economic impact of cybercrime and cyber espionage. McAfee.
Li, H., W.G. No, and T. Wang. 2018. SEC’s cybersecurity disclosure guidance and disclosed cybersecurity risk factors. International Journal of Accounting Information Systems 30: 40–55.
Linsley, P.M., and P.J. Shrives. 2005. Transparency and the disclosure of risk information in the banking sector. Journal of Financial Regulation and Compliance 13 (3): 205–214.
Longstaff, T., C. Chittister, R. Pethia, and Y. Haimes. 2020. Are we forgetting the risks of information technology. Computer 33 (12): 43–51.
Low, P. 2017. Insuring against cyber-attacks. Computer Fraud & Security 2017: 18–20.
Macaulay, T. 2018. Critical infrastructure: Understanding its component parts, vulnerabilities, operating risks, and interdependencies, 1st ed. Boca Raton: Taylor and Francis Group.
Mandeville, T. 1998. An information economics perspective on innovation. International Journal of Social Economics 25 (2/3/4): 357–364.
Mayahi, A., and I. Humaid. 2016. Development of a comprehensive information security system for UAE e-Government. PhD thesis, Prifysgol Bangor University
McConnell, Patrick, and Keith Blacker. 2013. Systemic operational risk: Does it exist and if so, how do we regulate it? The Journal of Operational Risk 8 (1): 59–99.
McGraw, G. 2013. Cyber war is inevitable (unless we build security in). Journal of Strategic Studies 36 (1): 109–119. https://doi.org/10.1080/01402390.2012.742013.
MCI. 2017. Public consultation paper on the draft cybersecurity bill. The Ministry of Communications and Information (MCI) and the Cyber Security Agency of Singapore. https://www.csa.gov.sg/~/media/csa/cybersecurity_bill/consult_document.pdf.
Ministry of Digital Affairs. 2017. National framework of cybersecurity policy of Republic of Poland for 2017-22. Warsaw: Government of Poland.
Mohammed, A.-M., B. Idris, G. Saridakis, and V. Benson. 2020. Chapter 8—Information and communication technologies: A curse or blessing for SMEs?. New York: Academic Press.
Moore, T. 2010. The economics of cybersecurity: Principles and policy options. International Journal of Critical Infrastructure Protection 3 (3–4): 103–117.
Moore, T., S. Dynes, and F. Chang. 2015. Identifying how firms manage cybersecurity investment. Dallas: Southern Methodist University.
Morton, M., J. Werner, P. Kintis, K. Snow, M. Antonakakis, M. Polychronakis, and F. Monrose. 2018. Security risks in asynchronous web servers: When performance optimizations amplify the impact of data-oriented attacks. IEEE European Symposium on Security and Privacy, pp. 167–182.
Moumen, N., H.B. Othman, and K. Hussainey. 2015. The value relevance of risk disclosure in annual reports: Evidence from MENA emerging markets. Research in International Business and Finance 34: 177–204.
Mugarura, N., and E. Ssali. 2020. Intricacies of anti-money laundering and cyber-crimes regulation in a fluid global system. Journal of Money Laundering Control.
Mukhopadhyay, A., D.S. Samir Chatterjee, A. Mahanti, and A.S. Sadhukhan. 2013. Cyber-risk decision models: To insure IT or not? Decision Support Systems 56: 11–26.
NCG. 2016. 4 important cybersecurity focus areas for banks. Portland: Northcross Group. http://www.northcrossgroup.com.
NCSB. 2014. National cybersecurity strategy. Dhaka: ICT Ministry. https://sherloc.unodc.org/cld/lessons-learned/bgd/the_national_cybersecurity_strategy_of_bangladesh.html?.
NCSC. 2018. The cyber threat to UK business. UK: The National Cyber Security Centre. https://www.ncsc.gov.uk/home.
Ngonzi, T.T. 2016. Theorizing ICT-based social innovation on development in the context of developing countries of Africa. Captown: University of Cape Town.
Ni, J., X. Lin, and X. Shen. 2019. Towards edge-assisted internet of things: From security and efficiency perspectives. IEEE Network 33 (2): 50–57.
OECD. 2015. Digital security risk management for economic and social prosperity: OECD recommendation and companion document. Paris: OECD Publishing.
OFR. 2017. Cybersecurity and financial stability: Risks and resilience. Office of Financial Research. https://www.financialresearch.gov/viewpoint-papers/files/OFRvp_17-01_Cybersecurity.pdf.
Page, J., M. Kaur, and E. Waters. 2017. Directors’ liability survey: Cyber attacks and data loss—A growing concern. Journal of Data Protection & Privacy 1 (2): 173–182.
Park, I., J. Lee, H.R. Rao, and S.J. Upadhyaya. 2006. Part 2: Emerging issues for secure knowledge management-results of a Delphi study. IEEE Transactions on Systems, Man, and Cybernetics-Part A: Systems and Humans 36 (3): 421–428.
Patterson, D., A. Brown, P. Broadwell, G. Candea, and J.C. Mike Chen. 2002. Recovery oriented computing (ROC): Motivation, definition, techniques, and case studies. UC Berkeley Computer Science.
Paul, J.A., and X. Wang. 2019. Socially optimal IT investment for cybersecurity. Decision Support Systems 122: 113069.
Pavlou, P.A., H. Liang, and Y. Xue. 2007. Understanding and mitigating uncertainty in online exchange relationships: A PrincipalAgent perspective. MIS Quarterly, 105–136.
Peeters, G. 2017. Strengthening the digital Achilles heel of the European Union: Make use of ethical hackers to find vulnerabilities in information systems? Master thesis.
Peng, C., M. Xu, S. Xu, and T. Hu. 2017. Modeling and predicting extreme cyber attack rates via marked point processes. Jornal of Applied Statistics 44 (14): 2534–2563.
Pirounias, S., D. Mermigas, and C. Patsakis. 2014. The relation between information security events and firm market value, empirical evidence on recent disclosures: An extension of the GLZ study. Journal of Information Security and Applications 19 (4–5): 257–271.
Power, M. 2005. The invention of operational risk. Review of International Political Economy 12 (4): 577–599.
PWC. 2014. Threats to the Financial Services sector. PWC. https://www.pwc.com/gx/en/financial-services/publications/assets/pwc-gecs-2014-threats-to-the-financial-services-sector.pdf.
PWC. 2015. Information security breaches survey. London: The UK Government. https://www.pwc.co.uk/assets/pdf/2015-isbs-technical-report-blue-digital.pdf.
Quinn, J.B., and M.N. Baily. 1994. Information technology: Increasing productivity in services. Academy of Management Perspectives 8 (3): 28–48.
Rackof, N., C. Wiseman, and W.A. Ullrich. 1985. Information systems for competitive advantage: implementation of a planning process. MIS Quarterly, 285-294.
Ralston, P., J. Graham, and J. Hieb. 2007. Cyber security risk assessment for SCADA and DCS networks. ISA Transactions 46: 583–594.
ReedSmith. 2017. China cybersecurity law. ReedSmith. https://www.reedsmith.com/en/perspectives/2017/01/chinas-cybersecurity-law.
Reuters. 2018, June 1. Bank of Chile trading down after hackers rob millions in cyberattack. Santiago. https://www.reuters.com/article/us-chile-banks-cyberattack/bank-of-chile-trading-down-after-hackers-rob-millions-in-cyberattack-idUSKBN1J72FC.
Rezek, T., T. Szatkowski, J. Świątkowska, J. Vyskoč, and M. Ziare. 2012. V4 cooperation in ensuring cyber security—Analysis and recommendations. Poland: The Kosciuszko Institute.
Ring, T. 2014. Threat intelligence: Why people don’t share. Computer Fraud & Security 3: 5–9.
Risk.net. 2016, Jan 20. Top 10 operational risks for 2016. www.risk.net. https://www.risk.net/risk-management/2441306/top-10-operational-risks-for-2016#risk1.
Roth, A.V., and W.E. Jackson-III. 1995. Strategic determinants of service quality and performance: Evidence from the banking industry. Management Science 41 (11): 1720–1733.
Rubens, P. 2018, June 26. How to prevent DDoS attacks: 6 tips to keep your website safe. Nashville: eSecurity Planet, TechnologyAdvice. https://www.esecurityplanet.com/network-security/how-to-prevent-ddos-attacks.html.
Schwartz, M.J. 2013, March 21. South Korea Bank hacks: 7 key facts. Dark Reading. https://www.darkreading.com.
SCM. 2016. Guidelines on management of cyber risk. Securities Commission Malaysia. https://www.sc.com.my/api/documentms/download.ashx?id=9aaddb2e-aa13-409a-a47f-8d0124afd229.
Scott, S.V., J.V. Reenen, and M. Zachariadis. 2017. The long-term effect of digital innovation on bank performance: An empirical study of SWIFT adoption in financial services. Research Policy 46 (5): 984–1004.
SecurityScorecard. 2016. Financial industry cybersecurity report. New York: SecurityScorecard.
Shackelford, S.J. 2012. Should your firm invest in cyber risk insurance? Business Horizons 55: 349–356.
Sharma, A., and P. Tandekar. 2018. Cyber security and business growth. IGI Global, 1208–1221.
Siegel, C.A., T.R. Sagalow, and P. Serritella. 2002. Cyber-risk management: Technical and insurance controls for enterprise-level security. Information Systems Security 11 (4): 33–49.
Skinner, D.J., and R.G. Sloan. 2002. Earnings surprises, growth expectations, and stock returns or don’t let an earnings torpedo sink your portfolio. Review of Accounting Studies 7: 289–312.
Smedinghoff, T.J. 2012. Solving the legal challenges of trustworthy online identity. Computer Law & Security Review 28: 532–541.
Solms, B.V. 2006. Information security—The fourth wave. Computers & Security 25 (3): 165–168.
Sommer, P., and I. Brown. 2011. “Future global shocks” reducing systemic cybersecurity risk. OECD/IFP: OECD.
Soomro, Z.A., M.H. Shah, and J. Ahmed. 2016. Information security management needs more holistic approach: A literature review. International Journal of Information Management 36 (2): 215–225.
Srinidhi, B., J. Yan, and G.K. Tayi. 2015. Allocation of resources to cyber-security: The effect of misalignment of interest between managers and investors. Decision Support Systems 75: 49–62.
State Bank of Pakistan. 2012. Guidelines on information technology security. The State Bank of Pakistan. http://www.sbp.org.pk/bsd/2004/Guidelines_on_IT_Security.pdf.
Stoneburner, G., A. Goguen, and A. Feringa. 2002. Risk management guide for information technology systems. Recommendations of the National Institute of Standards and Technology. Singapore: National Institute of Standards and Technology.
Teece, D.J. 2018. Profiting from innovation in the digital economy: Enabling technologies, standards, and licensing models in the wireless world. Research Policy 47 (8): 1367–1387.
Tendulkar, R. 2013. Cyber-crime, securities markets and systemic risk. CFA Digest 43 (4): 35–43.
Toivanen, H. 2015. Case study of why information security investment fail? Master’s Thesis, 76. Jyväskylä: University of Jyväskylä.
Trautman, L.J., and K. Altenbaumer-Price. 2010. The board’s responsibility for information technology governance. John Marshall Journal of Computer and Information Law 28: 313.
Vagle, J. 2020. Cybersecurity and moral hazard. Stanford Technology Law Review 23: 71.
Veijalainen, J., V. Terziyan, and H. Tirri. 2006. Transaction management for m-commerce at a mobile terminal. Electronic Commerce Research and Applications 5: 229–245.
Watkins, B. 2014. The impact of cyber attacks on the private sector. Briefing Paper, Association for International Affairs, 12.
Watters, P.A., S. McCombie, R. Layton, and J. Pieprzyk. 2012. Characterising and predicting cyber attacks using the cyber attacker model profile. Journal of Money Laundering Control 15 (4): 430–441.
Willison, R., and M. Warkentin. 2013. Beyond deterrence: An expanded view of employee computer abuse. MIS Quarterly 37 (1): 1–20.
Wright, D., S. Gutwirth, M. Friedewald, P.D. Hert, M. Langheinrich, and A. Moscibroda. 2009. Privacy, trust and policy-making: Challenges and responses. Computer Law & Security Review 25: 69–83.
Yang, S.J., S. Byers, J. Holsopple, B. Argauer, and D. Fava. 2008. Intrusion activity projection for cyber situational awareness. 2008 IEEE international conference on intelligence and security informatics, 167–172. Taiwan: IEEE.
Zephirin, M.G. 1994. Switching costs in the deposit market. The Economic Journal 104 (423): 455–461.