182 results
for "Digital resilience"
This study challenges the received idea that companies automatically learn from their digital failures, showing that cybersecurity incidents do not improve the understanding of risk at board level. The authors stress that direct exposure to technical crises often remains ineffective, because such events are rare, opaque and filtered by experts.
The article examines how executives' expertise influences the voluntary disclosure of cybersecurity incidents affecting accounting information systems (AIS). Drawing on upper echelons theory and voluntary disclosure theory, it analyzes data from US companies from 2017 to 2022. The results indicate that information technology expertise among audit committee members and CEOs is associated with increased disclosure, reflecting a transparency-oriented approach. In contrast, financial expertise is linked to less disclosure, owing to concerns about legal and competitive risks. Other factors, such as outside directorships and CEO tenure, are positively associated with disclosure, especially in unregulated sectors.
The IMF study argues that cybersecurity vulnerabilities and digital fraud are closely linked in financial services. Drawing on public data, it finds that cyber incidents in the financial sector accounted for about 10% of global events over the past decade, mainly in banking and securities. It indicates that digitally enabled fraud has almost tripled but remains under-reported because of data gaps. Bank transfers and cards dominate scams, with a rise in cases linked to crypto-assets. The article highlights impacts that vary with the level of development and mentions regulatory measures aimed at strengthening trust.
This research paper by Dr. Ana Zavgorodnia argues that cybersecurity spending should be managed through the same capital allocation discipline used in other major business domains. Although tools for quantifying risk exist, many boards currently approve security budgets based on compliance or technical narratives rather than financial materiality. To bridge this gap, the author introduces a framework featuring Exposure-Adjusted Estimation to identify risk concentrations and a Risk Efficiency Ratio to prioritize investments based on their marginal return. The model also categorizes spending into four functional domains to help leadership maintain a balanced security portfolio. By aligning with 2023 SEC disclosure rules, this approach transforms the CISO’s role into one focused on economics and risk-adjusted decision-making. Overall, the text provides a structured mechanism for boards to exercise substantive oversight by treating cyber defense as a strategic financial priority.
This activity report presents the results of CCR (Caisse Centrale de Réassurance) for 2025, marking its 80 years of existence in the service of the public interest. As the French public reinsurer, the organization is consolidating its financial trajectory through an increase in the Cat Nat additional premium, while handling climate-related claims such as Cyclone Garance. The document highlights a major strategic orientation toward the prevention of extreme risks and support for territories facing environmental and cyber threats. Through interviews and key indicators, management reaffirms the effectiveness of the public-private partnership in guaranteeing sustainable insurability despite the intensification of natural disasters. Finally, CCR's expertise is illustrated by its advisory work for public authorities and its targeted investments in climate resilience.
The report outlines how digitalization and technological innovation introduce significant operational and digital risks to global financial stability. Key vulnerabilities include the expansion of Artificial Intelligence (AI), which complicates governance and monitoring while increasing systemic correlations. Furthermore, the report highlights risks from third-party dependencies, particularly cloud concentration among a few providers, which could amplify crises. Operational resilience is also a primary concern; outages at critical nodes or cyber incidents are viewed as direct threats. Consequently, the FSB is prioritizing standardized incident reporting and public-private collaboration to mitigate these emerging threats by 2026.
This research presents a machine learning framework designed to predict and reduce the risk of identity theft caused by phishing and social engineering. The authors developed a Cyber Risk Score (CRS) that combines observable security habits, like password hygiene, with latent psychological traits such as impulsive link-clicking. By utilizing a hybrid stacking ensemble model, the study achieved a 93% accuracy rate in identifying vulnerable social media users. Beyond mere prediction, the system uses SHAP analysis to provide transparent, personalized recommendations tailored to an individual’s specific behavioral weaknesses. This user-centered approach aims to bridge the gap between cybersecurity knowledge and actual online behavior through evidence-based interventions. Ultimately, the framework offers a scalable, ethical solution for organizations to protect users in increasingly sophisticated digital environments.
This paper by Caroline Hillairet, Olivier Lopez and Lionel Sopgoui (CREST, UMR CNRS) describes a stochastic SIR model designed to quantify the financial impact of contagious cyber-attacks on corporate revenues and insurance portfolios. By blending epidemiological frameworks with economic granular growth models, the researchers account for the reality that larger firms are more frequent targets and exhibit different internal infection dynamics. The model specifically utilizes Cox-Ingersoll-Ross (CIR) processes to incorporate environmental variability, allowing for more realistic simulations of how ransomware spreads within and between organizations. A key practical application analyzes the 2024 LockBit ransomware attacks, offering insurers a method to calculate Aggregate Exceedance Probabilities to forecast potential losses. Ultimately, the framework bridges the gap between cybersecurity technicalities and financial risk management, providing a tool for measuring systemic cyber threats across diverse industrial sectors.
This research introduces a Bayesian Network simulation model designed to quantify the effectiveness of Zero Trust Architecture (ZTA) within small-medium businesses (SMBs). By utilizing Monte Carlo simulations and historical data, the study validates how ZTA can reduce the likelihood of data breaches and the overall magnitude of cyber risk by up to 20 percent. The authors analyze critical implementation barriers, such as financial constraints and organizational resistance, providing a roadmap for resource-strapped firms to adopt "never trust, always verify" principles. Key findings highlight that credential-based attacks and insider threats are the most significant risks, which can be mitigated through core controls like encryption and multi-factor authentication. Ultimately, the model serves as a risk-informed decision tool to help SMBs enhance their cyber resilience and regulatory compliance.
This position paper outlines Insurance Europe’s feedback on the European Commission’s Digital Omnibus initiative, which seeks to streamline the complex regulatory environment for the insurance sector. The organization advocates for reducing administrative burdens by harmonizing rules across artificial intelligence, data protection, and cybersecurity. Key recommendations include delaying specific AI Act obligations to ensure technical readiness and clarifying GDPR definitions to foster innovation in automated decision-making. Additionally, the sources highlight the importance of a Single-Entry Point for reporting cyber incidents and the potential benefits of a European Business Wallet for secure digital authentication. Ultimately, the federation seeks a more coherent legislative framework that balances robust consumer protection with the operational flexibility needed for insurers to remain competitive.