A new report on systemic cyber risk from the European Central Bank (ECB) features data from the Center for International and Security Studies at Maryland (CISSM) and Center for Governance of Technology and Systems (GoTech) Cyber Events Database. Entitled "Towards a framework for assessing systemic cyber risk," the analysis was included as part of the ECB’s Financial Stability Review for November 2022.
The report acknowledges the instability of the cybersecurity environment, noting that reported cyberattacks increased three-fold between 2015 and 2021, and that cleverly targeted cyberattacks can cause “system-wide stresses.” The Euro-area accounts for around 13 percent of cyberattacks, according to the report. It goes on to examine potential cyber threats to the financial system, including disruptions of key financial services and digital transactions. These threats are especially potent as an already stressed Europe braces itself for its first full winter grappling with the war in Ukraine.
ECB’s report makes substantial use of the Cyber Events Database, which was created as an open resource for the public and private sectors. The database identifies cyber threats to help inform public and private sector decisionmakers on how to allocate finite security resources. Using a combination of Python data-scraping and human review, CISSM and GoTech researchers compile information on cyber events, including the identities of threat actors, impacted industries and the downstream consequences of attacks among other variables.
The taxonomic system used to sort cyber events in the database, which has been featured in the pages of the Journal of Information Warfare, was originally developed at CISSM by GoTech Director Charles Harry and CISSM Director Nancy Gallagher.
“The historical lack of reliable information on the scale and scope of cyber events across industries has made the assessment of trends nearly impossible for policy analysts concerned about the impact of attacks on financial infrastructures," said Harry. "The inclusion of the cyber events dataset in the ECB’s Financial Stability Review speaks to the importance of CISSM and GoTech's foundational research in understanding the scope, scale, and severity of cyber attacks across the globe.”
The database covers cyber events as far back as 2014. Cyber “events” are defined as “the end result of any single unauthorized effort, or the culmination of many such technical actions, that engineers, through use of computer technology and networks, a desired primary effect on a target.” It runs up to the present-day and is updated monthly.
The ECB report maps some interesting trends using data pulled from the Cyber Events Database. For example, cyberattacks increase in frequency during times of political and policy uncertainty. This is especially the case for state-sponsored attacks.
Additionally, the majority of attacks leveled against the finance and insurance sectors are exploitive attacks, launched by criminals to illicitly acquire information. Other sectors, like manufacturing and public administration, are more frequently targeted with disruptive attacks i.e., ransomware, denial of service etc,.
The ECB also concludes that the cybersecurity “arms race,” won’t be ending any time soon, acknowledging that, while increased spending on IT security can reduce risk, “so too can it be expected that the technology deployed by cyberattackers will respond.”
“Ultimately, trade-offs are likely to be faced between the costs imposed by cyberattacks and ever-increasing spending on security measures,” according to the report.
In addition to the ECB, the Deutsche Bundesbank, Banco de España, and National Institute of Standards and Technology (NIST) are all currently leveraging the Cyber Events Database for their own analysis.
Both the CISSM/ GoTech Cyber Events Database and the ECB report are open source and free to view online.
