Report
Systemic Cyber Risk
Abstract: We propose a quantitative framework to track systemic risk arising from cyber vulnerabilities of the U.S. financial system. Synthesizing financial, economic, cyber, and network data that covers thousands of financial institutions and technological firms, we develop an index that tracks financial-system-level cyber vulnerability (SCV) for the financial system. Geopolitical risk, ransomware and malware incidents, and seasonal factors significantly drive the estimated adversarial component. Estimated technological and financial components exhibit fat tails in the distribution. In the cross-section, SCV is attributable to a small set of the largest firms. Large technology firms, including Microsoft, Google, Cisco, and Apple, emerge as key contributors to SCV. These providers also represent the largest cumulative count of vulnerabilities, pointing to financial stability considerations arising from the common exposure to client firms. SCV for service providers co-varies with that of financial institutions, which could amplify financial stability risks. The framework puts forth an approach to include a broad set of entities into an aggregate assessment of cyber vulnerability.
JEL Classification: G21; G23; G28; G29; O33;
https://doi.org/10.59576/sr.1186
Access Documents
File(s):
File format is application/pdf
https://www.newyorkfed.org/medialibrary/media/research/staff_reports/sr1186.pdf
Description: Full text
File(s):
File format is text/html
https://www.newyorkfed.org/research/staff_reports/sr1186.html
Description: Summary
Authors
Bibliographic Information
Provider: Federal Reserve Bank of New York
Part of Series: Staff Reports
Publication Date: 2026-02-01
Number: 1186