178 results for "riskmanagement"
This publication presents recommendations for integrating cybersecurity incident response into risk management, using the **NIST Cybersecurity Framework (CSF) 2.0** as a reference model. It defines a life-cycle based on the six CSF functions (**Govern**, **Identify**, **Protect**, **Detect**, **Respond**, **Recover**), outlines roles and responsibilities, and provides a “Community Profile” mapping priorities, recommendations, and considerations for incident response. The document also emphasizes continuous improvement, customizing guidance to organizational context, and leveraging other NIST and external resources.
This **academic article** offers a comprehensive **analytical review of cyber risk management** within the insurance industry, focusing heavily on the **mathematical models** used for risk quantification and premium pricing. The review systematically covers the current state-of-the-art in cyber risk, discussing how dynamic and interconnected threats challenge traditional actuarial methods, necessitating the use of advanced quantitative tools like **stochastic models and copulas** to manage dependencies and calculate **Solvency Capital Requirements (SCR)**. It thoroughly details various **vulnerability functions** (including the well-known Gordon-Loeb model and its extensions) and different **premium calculation principles** (such as Expected Value and Mean-Variance), concluding that closer collaboration between different disciplines is essential for developing **robust cyber insurance and reinsurance solutions** in an increasingly digital landscape.
The geospatial Agent-Based Model (ABM) framework outlined in this article enables financial institutions, including insurers, to quantify direct and cascading climate risks, capturing spatial and temporal dynamics and supply chain disruptions overlooked by traditional models. It supports climate scenario analysis for enhanced risk assessment and portfolio management, revealing systemic risks affecting even indirectly exposed agents. The framework evaluates cost-effective adaptation strategies, showing how firms’ adaptive behaviors, like pre-emptive capital increases, reduce climate impacts. By integrating geospatial climate data with economic models, it bridges gaps between climate projections and financial decision-making, aiding risk management and capital allocation.
This research addresses the critical challenge of model ambiguity in insurance, where the true probabilities of losses are uncertain. It introduces randomly distorted Choquet integrals, a novel mathematical tool for creating flexible and dynamic risk measures. This provides a formal, unified methodology to resolve expert disagreements by extending industry-standard metrics like Value at Risk (VaR) and Average Value at Risk (AVaR). The framework allows a decision-maker to synthesize divergent opinions—whether on key parameters like a VaR confidence level or on the fundamental risk model itself (e.g., VaR vs. AVaR)—into a single, coherent, and scenario-dependent assessment.
The UK Financial Conduct Authority (FCA) has clarified that serious bullying and harassment in financial firms constitute misconduct under its rules. Previously, the classification of such behaviors as conduct breaches was often unclear for firms other than banks.
Effective September 1, 2026, these regulations will encompass approximately 37,000 additional regulated firms, aiming for consistent standards across the financial services sector. Substantial cases of poor personal behavior will also be mandated for inclusion in regulatory references, similar to financial misconduct, to prevent individuals from avoiding accountability by changing employers.
The FCA is consulting on further guidance to aid firms in implementing these changes, considering feedback on earlier drafts. This guidance addresses how firms should evaluate non-financial misconduct, including social media use and private life behavior, when assessing an individual's fitness for financial services roles. The consultation period for this guidance extends until September 10, 2025.
This report examines how European (re)insurers address biodiversity risks, which threaten financial stability due to their complexity and links with climate risks. Despite challenges in quantifying impacts, one in five insurers references biodiversity in their risk assessments, though mostly qualitatively. Promising practices show growing awareness, but regional variations and limited metrics hinder progress. EIOPA calls for enhanced collaboration to improve data, models, and risk management, emphasizing the need to better understand the climate-biodiversity nexus and explore nature-based solutions to address insurance gaps.
This paper introduces a robust method for evaluating Conditional Value-at-Risk (CVaR) when data distribution can't be simulated. Using rolling data windows as proxies for independent samples, the approach effectively assesses worst-case risk. Applied to Danish fire insurance data, it outperformed traditional DRO (distributional risk optimization) methods—achieving accurate, less conservative estimates in 87% of cases. This advancement enables reliable risk management even with limited tail data. Future research will focus on refining robustness guarantees and integrating extreme value theory into decision-making models involving rare but impactful events.
For years, "continuous monitoring" in cybersecurity lacked a clear definition, forcing improvised security practices. This paper introduces QUARC, a formal model that quantifies cybersecurity risk and links it to precise detection and response times. QUARC provides a robust, weight-free probabilistic risk function, translating this risk into concrete operational cadences using hazard and queue theories. This model offers a universal standard, allowing regulators to enforce testable compliance, security teams to monitor real-time conformance, and insurers to price risk accurately. QUARC transforms a vague policy into a measurable, enforceable reality, closing a critical loophole exploited by attackers.
A review of 28 studies (2019–2023) shows growing academic interest in the relationship between fintech and banking risk, using diverse models and frameworks. Research focuses on bank-level, country-level, and fintech-specific measures, analyzing risks like insolvency, credit, liquidity, and market risk. The study highlights the importance of interdisciplinary and cross-country research, recommends adopting multi-theoretical frameworks, and urges consideration of individual-level factors such as financial literacy and digital access. For policymakers, it offers guidance on monitoring fintech’s impact and stresses the need for comprehensive regulation and global cooperation to ensure financial stability and effective risk management.