Category Archives: Cybersecurity

25/4/21: Impact Finance perspective of the systemic threats to blockchain applications

New paper (pre-print version):

Gurdgiev, Constantin and Fleming, Adam, Informational efficiency and cybersecurity threats: A Social Impact Finance perspective of the systemic threats to blockchain applications (April 25, 2021). Forthcoming, Chapter 12 in Innovations in Social Finance: Transitioning Beyond Economic Value, eds. Thomas Walker, Jane McGaughey, Sherif Goubran, and Nadra Wagdy, Palgrave Macmillan, 2021, Available at SSRN: https://papers.ssrn.com/sol3/papers.cfm?abstract_id=3834032.

Abstract:

Crypto-assets and blockchain technologies hold the promise of providing more secure systems for managing public and private data, enhancing public trust in data collection, and increasing the efficiency of social impact finance transactions. However, to-date, blockchain technologies have struggled to deliver on these promises. Specifically, cybersecurity threats to blockchain technologies are accelerating and becoming more impactful over time, generating growing risk to the use of the blockchain technologies in social impact finance services provision. Our analysis data on cybersecurity breaches involving cryptocurrencies trading platforms from 2014 through 2019 shows that cryptocurrencies markets have, to-date, failed to develop informational efficiencies necessary to sustain these technologies’ deployment in impact finance. Faced with increasing cybersecurity threats permissionless blockchain systems appear to be more vulnerable to shocks, than they were in the past. Cyber breaches in the cryptocurrency markets create major risk contagion pathways, which are dramatically increasing volatility of both directly attacked currencies and other major cryptocurrencies; as well as present an increased risk of system-wide attacks that threaten not only the accounting and transactional accuracy and efficiency of the crypto-based fintech solutions, but also the data stored using public blockchain protocols. These findings lead us to conclude that, absent dramatic improvements in the regulation of cryptocurrencies and exchanges, public blockchains based on traded crypto-assets are not suitable for large scale deployment in social impact finance applications.

20/9/19: New paper: Systematic risk contagion from cyber events

Our new paper, "What the hack: Systematic risk contagion from cyber events" is now available at International Review of Financial Analysis in pre-print version here: https://www.sciencedirect.com/science/article/pii/S1057521919300274.

Highlights include:

We examine the impact of cybercrime and hacking events on equity market volatility across publicly traded corporations.
The volatility generated due to cybercrime events is shown to be dependent on the number of clients exposed.
Significantly large volatility effects are presented for companies who find themselves exposed to hacking events.
Corporations with large data breaches are punished substantially in the form of stock market volatility and significantly reduced abnormal stock returns.
Companies with lower levels of market capitalisation are found to be most susceptible to share price reductions.
Minor data breaches appear to be relatively unpunished by the stock market.

25/4/18: Dombret on the Future of Europe

An interesting speech by y Dr Andreas Dombret, Member of the Executive Board of the Deutsche Bundesbank, on the future of Europe, with direct referencing to the issues of systemic financial risks (although some of these should qualify as uncertainties) and resilience of the regulatory/governance systems (I wish he focused more on these, however).

https://www.bis.org/review/r180226b.pdf (Links to an external site.)

25/3/18: Quantum computing and cyber security: a perfectly VUCA mix?

One interesting topic worth discussing in the context of VUCA and systemic resilience is quantum computing. The promise of quantum computing offers a prospect of altering completely the existent encryption methods effectiveness.

Here is one view: https://www.sciencedirect.com/science/article/pii/S1361372317300519 suggesting that quantum computing is not a threat to current cryptographic systems, although the core argument here is that it is not a threat in its current state.

Less (scientifically) robust arguments to the opposite side are, for example, in https://www.wired.com/story/quantum-computing-is-coming-for-your-data/, and http://approachinfinity.ca/RecentPublications/Quantum-computing-overview.pdf

Geopolitically, this puts quantum computing into an important security race position: http://journals.plos.org/plosone/article?id=10.1371/journal.pone.0190646 and https://www.zerohedge.com/news/2018-03-25/everybody-was-quantum-fighting-those-computers-were-fast-lightning

There is a lot of technical stuff involved, but an interesting topic from geopolitical risks perspective for sure, and involves long term strategic positioning by the usual adversaries, the U.S. and China.

Beyond this issue, there are also implications of quantum computing in broader cybersecurity context, including enforcement and monitoring: https://www.wired.com/story/quantum-computing-is-the-next-big-security-risk/, https://www.techrepublic.com/article/how-quantum-computing-could-create-unbreakable-encryption-and-save-the-future-of-cybersecurity/, and https://futurism.com/future-cybersecurity-quantum-encryption/.

7/9/17: What the Hack: Systematic Risk Contagion from Cyber Events

We just posted three new research papers on SSRN covering a range of research topics.

The second paper is "What the Hack: Systematic Risk Contagion from Cyber Events", available here: https://papers.ssrn.com/sol3/papers.cfm?abstract_id=3033950.

Abstract:

This paper examines the impact of cybercrime and hacking events on equity market volatility across publicly traded corporations. The volatility influence of these cybercrime events is shown to be dependent on the number of clients exposed across all sectors and the type of the cyber security breach event, with significantly large volatility effects presented for companies who find themselves exposed to cybercrime in the form of hacking. Evidence is presented to suggest that corporations with large data breaches are punished substantially in the form of stock market volatility and significantly reduced abnormal stock returns. Companies with lower levels of market capitalisation are found to be most susceptible. In an environment where corporate data protection should be paramount, minor breaches appear to be relatively unpunished by the stock market. We also show that there is a growing importance in the contagion channel from cyber security breaches to markets volatility. Overall, our results support the proposition that acting in a controlled capacity from within a ring-fenced incentives system, hackers may in fact provide the appropriate mechanism for discovery and deterrence of weak corporate cyber security practices. This mechanism can help alleviate the systemic weaknesses in the existent mechanisms for cyber security oversight and enforcement.