Skip to Main Content

Our News

Joint Conference Continues the Cyber Risk Conversation

Stylized photo of a padlock sitting on a circuit board

The Richmond Fed, in partnership with the Federal Reserve Board and MIT Computer Science and Artificial Intelligence Laboratory (CSAIL), hosted the second Conference on Measuring Cyber Risk in the Financial Services Sector at MIT’s campus in Cambridge, Massachusetts, on January 16 and 17. Open to both in person and virtual attendees, participants spanned 55 organizations across academia, government and industry. Topics covered included risk metrics and predictive statistics, threat analysis and scenario development, the relationship of these methods to operational resilience and financial stability, and challenges for the future. A detailed summary will be posted on the conference website in the future.

Cyber risk involves potential business disruption or damage to information systems that could lead to monetary loss or reputational damage, and can be difficult to quantify. This conference built on the inaugural event in November 2022 and furthered the discussion around cyber data needs to help financial services firms better manage cyber risks — with a particular focus this time around on the perspectives of Chief Risk Officers and corporate board members.

Panelists speak at the 2024 Cyber Risk Event

The hybrid format of the conference allowed participants to engage with panels like this one on systemic risk and financial stability both in person and virtually.

Michael Barr, Vice Chair for Supervision at the Board of Governors of the Federal Reserve System, addressed the importance of the conference and continuing the important collaboration to better quantify cyber risk in his day two opening remarks. “Forums like today's conference are critical to improve how we think about and measure the presence of cyber risk in financial markets. The ability to better measure cyber risk will allow banks and supervisors to improve their understanding of the direct and indirect costs of a cyber disruption. An incident poses direct costs on an affected bank and its customers, as well as indirect costs to other market participants who are connected to the affected bank …

“Despite progress in recent years, techniques to quantify cyber risk are still at a nascent stage, in part because of a lack of good data,” Barr explained. “Better data on cyber threats and vulnerabilities will enable us to identify and assess threats to banks and the financial system. In addition, improved data on interconnectedness between financial institutions and service providers will help identify and measure the impact of an incident on the broader financial system. The ability to quickly identify patterns, connections, and vulnerabilities will enable quick response, and may mean the difference between a controlled event and one that has a serious impact. We are supporting efforts to further study this subject through public-private coordination groups. In addition, cyber incident reporting will provide better data on the frequency, severity, and locality of cyber incidents that will enhance our collective ability to respond to these events.”

“Through our partnership with MIT and the Board of Governors, we are bringing together a group of researchers and practitioners focused on how financial institutions can measure and manage cyber risk,” shared Jeff Gerlach, Vice President of the Richmond Fed’s Quantitative Supervision and Research unit.  “Plans already are underway for a third conference sometime in the spring of 2025. I’m excited to see what this developing community can accomplish going forward.”

An important part of the Fed’s role in helping to ensure a safe, sound and stable banking and financial system is the supervision of banks’ cyber risk management practices. At the Richmond Fed, our Supervision, Regulation and Credit team conducts research on cyber risk and partners with the Board of Governors and other Reserve Banks across the Federal Reserve System to provide financial institutions with resources and training opportunities to complement their cyber risk practices.

Learn more about our supervision and regulation work here.

Phone Icon Contact Us

Jim Strader (804) 697-8956 (804) 332-0207 (mobile)