This annual report analyzes how cybersecurity policy translates into practical actions, investments, and operational changes within organizations across the EU, particularly those in high-criticality sectors under the NIS2 Directive. The findings, based on a survey of over 1,000 professionals, highlight that while regulatory compliance is the main driver of investment, challenges persist, such as the cyber talent crunch and difficulties with fundamental tasks like patching and security assessments. Key insights from the report show a shift in spending toward technology and outsourcing, and an ongoing concern over ransomware and supply-chain attacks. This ENISA study ultimately aims to inform policymakers by revealing the practical obstacles and shifting priorities faced by entities working to enhance their cyber resilience.
This paper explores the relationship between Artificial Intelligence (AI) and cybersecurity, emphasizing AI's critical role in modern digital defense. The abstract and introduction establish the urgent need for advanced security solutions due to the increasing reliance on digital platforms and the rise of cyber threats. The research specifically examines how AI technologies like machine learning and deep learning enhance threat detection and incident response for organizations. Conversely, the document addresses significant risks associated with AI in security, including algorithmic bias, adversarial attacks, and the threat of deepfake technologies. Finally, the conclusion argues that AI's benefits outweigh its drawbacks when implemented with robust mitigation strategies, such as quantum security and human oversight, ensuring ethical and effective use.
This paper summarizes the use of Extreme Value Theory (EVT) for modeling large insurance claims, particularly within reinsurance, where managing tail risk is paramount.
The core argument is that standard EVT must be adapted to overcome unique actuarial data challenges, including censoring (due to limits/delays), truncation (due to maximum possible losses), and data scarcity.
Key adaptations discussed include:
Truncation and Tempering Models to account for limits or weakening tail behavior.
Censoring-Adapted Estimators (e.g., modified Hill) for incomplete data.
Splicing/Composite Models that combine body and tail distributions (e.g., Mixed Erlang/Generalized Pareto) for a full-range fit.
Advanced Regression and Multivariate Models to incorporate covariates (like climate change effects) and analyze spatial dependencies.
A profound, tailored application of EVT is deemed critical for sound pricing and risk management of catastrophic risks.
Le baromètre 2025 met en évidence une prise de conscience généralisée du risque géopolitique, désormais perçu comme un facteur de rupture majeur pour les entreprises. Si son intégration dans la gouvernance et les cartographies progresse, les moyens dédiés restent limités : budgets faibles, absence de ressources spécialisées et formations rares. Le pilotage demeure fragmenté et souvent réactif, malgré une reconnaissance de l’interdépendance croissante entre tensions internationales, chaînes de valeur et risques opérationnels. Les organisations identifient comme menaces principales les conflits potentiels impliquant les grandes puissances et appellent à une évolution vers une culture d’anticipation structurée et transversale.
This paper addresses the difficulty of 𝗶𝗻𝘁𝗲𝗴𝗿𝗮𝘁𝗶𝗻𝗴 𝗰𝗼𝗺𝗽𝗹𝗲𝘅, 𝗵𝗶𝗴𝗵-𝗱𝗶𝗺𝗲𝗻𝘀𝗶𝗼𝗻𝗮𝗹 𝘀𝗽𝗮𝘁𝗶𝗮𝗹 𝗱𝗮𝘁𝗮, 𝘀𝘂𝗰𝗵 𝗮𝘀 𝗰𝗹𝗶𝗺𝗮𝘁𝗲 𝗮𝗻𝗱 𝘀𝗮𝘁𝗲𝗹𝗹𝗶𝘁𝗲 𝗶𝗺𝗮𝗴𝗲𝗿𝘆, 𝗶𝗻𝘁𝗼 𝗽𝗿𝗲𝗱𝗶𝗰𝘁𝗶𝘃𝗲 𝗺𝗼𝗱𝗲𝗹𝘀 𝗳𝗼𝗿 𝗶𝗻𝘀𝘂𝗿𝗮𝗻𝗰𝗲.
The study proposes a novel multi-view contrastive learning framework designed to generate low-dimensional spatial embeddings. This method aligns data from multiple sources (e.g., satellite imagery and OpenStreetMap features) with coordinate-based encodings.
The resulting embeddings are shown to consistently improve predictive accuracy in risk models, demonstrated through a case study on French real estate prices. The paper highlights that the embeddings capture spatial structure, enhance model interpretability, and exhibit transferability to unobserved regions.
The paper summarizes a study of U.S. listed firms (2010‑2022) that examines how major cyber incidents—defined as events affecting ≥10,000 individuals or disclosed in an 8‑K—drive lasting upgrades in personnel, technology, and architecture. Findings indicate a 27% rise in cybersecurity hiring that persists for at least two years, alongside increased adoption of specialized software (+30%), cloud services (+11%), and memory‑safe languages (+50‑60%). Breached firms often surpass peers, and spillover effects occur through industry and IT‑system similarity networks, but not via geographic proximity. Cyber‑insurance coverage correlates with muted responses, suggesting potential moral hazard.
This peer review assesses the Dutch authorities' frameworks for monitoring cyber risks, implementing supervisory practices, and coordinating incident response mechanisms. Key findings highlight the Netherlands' significant progress, including the development of the Threat Intelligence-Based Ethical Red-teaming (TIBER) and Advanced Red Teaming (ART) frameworks, while also identifying areas for improvement, such as streamlining information sharing mechanisms and analyzing third-party risks. Overall, the report underscores the persistent challenges posed by the evolving threat landscape and the strategic steps taken by the Netherlands to maintain financial stability against operational and cyber threats.
The paper argues that Shapley allocation is the most suitable risk allocation method for financial institutions, balancing theoretical properties, accuracy, and practicality. It overcomes perceived computational intractability by replacing the exponential analytical approach with an efficient Monte Carlo algorithm that scales linearly and becomes preferable for ≥10-14 units. The study proposes solutions for negative allocations, a consistent multi-level hierarchical framework (PTD, CTD, BU approaches), and demonstrates applicability to large trading portfolios under Basel 2.5 and FRTB regimes, showing Shapley better captures diversification and hedging effects compared to simpler methods.
The BCBS November 2025 monitoring report (data as of 31 December 2024) on 176 banks shows Group 1 banks’ CET1 ratios rose to 14.0%, with no capital shortfalls under fully phased-in Basel III rules. Full implementation is projected to raise Tier 1 minimum required capital by 1.4% for Group 1 banks, driven mainly by the output floor and market risk revisions. A €5.7 billion TLAC shortfall persists among some G-SIBs. Operational risk’s share of MRC fell to 16.0% as 2008-crisis losses fade, but the report notes Covid-19-related losses may soon increase operational risk capital. Leverage and liquidity ratios remained stable and well above minima.
Le G7 Cyber Expert Group analyse l’impact croissant de l’intelligence artificielle sur la cybersécurité du secteur financier. L’IA, notamment l’IA générative et les systèmes agentiques, offre des capacités avancées pour renforcer la détection des menaces, automatiser l’analyse d’anomalies, améliorer la réponse aux incidents et surveiller plus efficacement les fournisseurs et chaînes d’approvisionnement. Ces atouts peuvent accroître la résilience opérationnelle des institutions financières.
Parallèlement, l’IA génère de nouveaux risques. Les acteurs malveillants peuvent utiliser ces technologies pour créer des attaques plus sophistiquées, automatiser le développement de maliciels, produire des campagnes d’hameçonnage hautement personnalisées ou contourner des systèmes de défense. Les modèles d’IA eux-mêmes deviennent vulnérables à la manipulation des données, aux fuites d’informations ou aux attaques d’ingénierie sociale visant les systèmes automatisés.
Le rapport souligne que ces évolutions exigent une adaptation de la gouvernance, de la supervision, de la gestion des tiers et des compétences internes. Les institutions doivent intégrer la cybersécurité dans le développement et l’usage de l’IA, assurer une supervision humaine adéquate, protéger les données, renforcer la détection et la réponse aux incidents et investir dans les compétences spécialisées. Les autorités sont encouragées à actualiser leurs cadres de risque, à coopérer avec l’industrie et la recherche, et à promouvoir une IA sûre, fiable et transparente pour préserver la stabilité du système financier.