Cyber risk as systemic risk

The threat to the financial system posed by cyber risk is often claimed to be systemic. This column argues against this, pointing out that almost all cyber risk is microprudential. For a cyber attack to lead to a systemic crisis, it would need to be timed impeccably to coincide with other non-cyber events that undermine confidence in the financial system and the authorities. The only actors with enough resources to affect such an event are large sovereign states, and they could likely create the required uncertainty through simpler, financial means.