Cyber resilience stress testing from a macroprudential perspective

Cyberattacks pose a greater risk to financial stability than ever before, as they have grown in both number and magnitude. A macroprudential perspective on cyber resilience stress testing is needed because cyber incidents can have a systemic impact as their effects spread across the financial sector via confidence, operational and financial mechanisms. While broader stress-testing principles also apply to cyber stress testing, stress testers need to focus in particular on clearly defining the overall objectives, determining the institutional perimeter, identifying material risk propagation channels, focusing on tail risks, considering relevant behavioural responses and combining the outcomes of bottom-up and top-down exercises. Based on these principles, cyber resilience stress tests can be executed following a bottom-up as well as a top-down approach. Top-down models can complement bottom-up results by providing harmonised modelling of system-wide financial interlinkages, behavioural responses and second-round effects.