179 results
for "Digital resilience"
This research paper by Dr. Ana Zavgorodnia argues that cybersecurity spending should be managed through the same capital allocation discipline used in other major business domains. Although tools for quantifying risk exist, many boards currently approve security budgets based on compliance or technical narratives rather than financial materiality. To bridge this gap, the author introduces a framework featuring Exposure-Adjusted Estimation to identify risk concentrations and a Risk Efficiency Ratio to prioritize investments based on their marginal return. The model also categorizes spending into four functional domains to help leadership maintain a balanced security portfolio. By aligning with 2023 SEC disclosure rules, this approach transforms the CISO’s role into one focused on economics and risk-adjusted decision-making. Overall, the text provides a structured mechanism for boards to exercise substantive oversight by treating cyber defense as a strategic financial priority.
This annual report presents the results of CCR (Caisse Centrale de Réassurance) for 2025, the year marking its 80 years of existence in service of the public interest. As the French public reinsurer, the organization consolidates its financial trajectory through an increase in the Cat Nat additional premium, while handling climate-related claims such as Cyclone Garance. The document highlights a major strategic orientation toward the prevention of extreme risks and support for territories facing environmental and cyber threats. Through interviews and key indicators, management reaffirms the effectiveness of the public-private partnership in guaranteeing sustainable insurability despite the intensification of natural disasters. Finally, CCR's expertise is illustrated by its advisory work for public authorities and its targeted investments in climate resilience.
The report outlines how digitalization and technological innovation introduce significant operational and digital risks to global financial stability. Key vulnerabilities include the expansion of Artificial Intelligence (AI), which complicates governance and monitoring while increasing systemic correlations. Furthermore, the report highlights risks from third-party dependencies, particularly cloud concentration among a few providers, which could amplify crises. Operational resilience is also a primary concern; outages at critical nodes or cyber incidents are viewed as direct threats. Consequently, the FSB is prioritizing standardized incident reporting and public-private collaboration to mitigate these emerging threats by 2026.
This research presents a machine learning framework designed to predict and reduce the risk of identity theft caused by phishing and social engineering. The authors developed a Cyber Risk Score (CRS) that combines observable security habits, like password hygiene, with latent psychological traits such as impulsive link-clicking. By utilizing a hybrid stacking ensemble model, the study achieved a 93% accuracy rate in identifying vulnerable social media users. Beyond mere prediction, the system uses SHAP analysis to provide transparent, personalized recommendations tailored to an individual’s specific behavioral weaknesses. This user-centered approach aims to bridge the gap between cybersecurity knowledge and actual online behavior through evidence-based interventions. Ultimately, the framework offers a scalable, ethical solution for organizations to protect users in increasingly sophisticated digital environments.
This paper by Caroline Hillairet, Olivier Lopez and Lionel Sopgoui (CREST, UMR CNRS) describes a stochastic SIR model designed to quantify the financial impact of contagious cyber-attacks on corporate revenues and insurance portfolios. By blending epidemiological frameworks with economic granular growth models, the researchers account for the reality that larger firms are more frequent targets and exhibit different internal infection dynamics. The model specifically utilizes Cox-Ingersoll-Ross (CIR) processes to incorporate environmental variability, allowing for more realistic simulations of how ransomware spreads within and between organizations. A key practical application analyzes the 2024 LockBit ransomware attacks, offering insurers a method to calculate Aggregate Exceedance Probabilities to forecast potential losses. Ultimately, the framework bridges the gap between cybersecurity technicalities and financial risk management, providing a tool for measuring systemic cyber threats across diverse industrial sectors.
This research introduces a Bayesian Network simulation model designed to quantify the effectiveness of Zero Trust Architecture (ZTA) within small-medium businesses (SMBs). By utilizing Monte Carlo simulations and historical data, the study validates how ZTA can reduce the likelihood of data breaches and the overall magnitude of cyber risk by up to 20 percent. The authors analyze critical implementation barriers, such as financial constraints and organizational resistance, providing a roadmap for resource-strapped firms to adopt "never trust, always verify" principles. Key findings highlight that credential-based attacks and insider threats are the most significant risks, which can be mitigated through core controls like encryption and multi-factor authentication. Ultimately, the model serves as a risk-informed decision tool to help SMBs enhance their cyber resilience and regulatory compliance.
This position paper outlines Insurance Europe’s feedback on the European Commission’s Digital Omnibus initiative, which seeks to streamline the complex regulatory environment for the insurance sector. The organization advocates for reducing administrative burdens by harmonizing rules across artificial intelligence, data protection, and cybersecurity. Key recommendations include delaying specific AI Act obligations to ensure technical readiness and clarifying GDPR definitions to foster innovation in automated decision-making. Additionally, the sources highlight the importance of a Single-Entry Point for reporting cyber incidents and the potential benefits of a European Business Wallet for secure digital authentication. Ultimately, the federation seeks a more coherent legislative framework that balances robust consumer protection with the operational flexibility needed for insurers to remain competitive.
This report examines the escalating systemic risks within the European and global financial landscapes between late 2025 and early 2026. Cyber and hybrid threats are identified as a primary concern, exacerbated by the sector's heavy reliance on a small number of critical ICT third-party providers like AWS. Market volatility is further fueled by stretched equity valuations in the technology and AI sectors, alongside structural vulnerabilities exposed by a major crypto-asset flash crash in October 2025. Additionally, the reports highlight macroeconomic uncertainties such as rising public debt, shifting trade policies, and the lack of transparency in the rapidly expanding private credit market. To counter these instabilities, authorities are focusing on regulatory frameworks like the Digital Operational Resilience Act (DORA) to strengthen oversight and mitigate potential contagion. Efforts to improve operational resilience remain central to protecting investors and maintaining orderly markets amidst these diverse financial and technological pressures.
This document from the Haut Conseil de Stabilité Financière offers an in-depth analysis of cyber risk as a systemic threat to the financial sector. The sources examine the surge in economic costs, while stressing how difficult it is to measure these losses precisely given the lack of historical data. The study identifies several transmission channels, such as loss of customer confidence and technological interconnection via the cloud, that could turn a local incident into a global liquidity crisis. The emergence of artificial intelligence and quantum computing is presented as an aggravating factor that weakens current encryption methods. To counter these vulnerabilities, the authors recommend increased international cooperation and rely on the European DORA regulation to strengthen operational resilience. Finally, the text stresses the importance of stress tests and of a rapid transition to cryptography able to withstand future computing capabilities.
This position paper emphasizes that climate resilience is a shared responsibility requiring cooperation between the insurance industry, public officials, and private citizens. While insurers offer financial protection and risk expertise, the document argues that governments must lead on preventative measures like updated building codes and improved land-use planning to keep risks manageable. To address the rising costs of natural disasters, the sources advocate for a transition from reactive relief to proactive investment in long-term adaptation and nature-based solutions. Furthermore, the text highlights the importance of transparent data and sector-specific roadmaps to guide societies toward a more stable, net-zero future. Ultimately, the goal is to maintain insurance affordability through unified European support and robust national partnerships.