Cyberattacks primarily impact firm value through increased costs rather than sales declines, indicating financial burdens over reputational damage. Costs persist beyond the short term, and firms invest in recovery efforts. Over time, reputational concerns have diminished as cyber resilience improves. These findings emphasize the need for strong corporate risk management, focusing on cost recovery, recovery planning, and trust restoration strategies tailored to specific contexts.
In 2024, France is living more than ever in a "risk society", facing geopolitical tensions, Europe's economic lag, and worsening climate risks (hottest year, costly natural events). The French feel vulnerable and worried about the risk of war and about the future ability to insure climate and other risks. The insurance sector, although it creates jobs and handles a large number of claims (with the cost of natural events reaching 5 billion euros in France), faces a rise in claims (water damage, serious claims for businesses, cyberattacks, record agricultural claims) and in costs (car repair, healthcare spending).
EIOPA highlights the lack of consistent regulatory treatment for crypto assets in the (re)insurance sector, raising concerns about risk sensitivity. Current capital weight options may underestimate crypto risks. To ensure prudence, EIOPA proposes a uniform 100% capital requirement for all crypto holdings. This approach balances risk management with simplicity while acknowledging that future market growth may require revisions. A review of crypto treatment under Solvency II is recommended as the sector evolves.
The report assesses regulatory capital requirements, leverage ratios, liquidity metrics, and the implementation of total loss-absorbing capacity (TLAC) standards. It provides insights into the banking sector's resilience and the effectiveness of Basel III reforms. Detailed analyses and underlying data are provided.
The EBA report highlights payment fraud, driven by social engineering circumventing security, as the top concern for EU consumers. Rising indebtedness due to "Buy-Now-Pay-Later" schemes and poor lending practices is the second key issue. Thirdly, unwarranted de-risking limits vulnerable consumers' access to essential payment accounts. The EBA will consider actions in 2025/26 to address these issues and enhance EU consumer protection.
Quantifying ESG risks is challenging due to unique measurement issues beyond traditional financial risks, hindering firm-level and systemic analysis. Concentrated ESG investments by large institutions correlate with systemic risk, as their simultaneous decisions can destabilize markets. Regulatory frameworks promoting diversification are needed to address this "herd behavior." Further research should explore how ESG risks create hidden systemic vulnerabilities.
"In the context of the implementation of DORA, the ACPR has, through an update to its FAQ, clarified certain information on the new obligations that apply to financial entities, concerning in particular: the arrangements for submitting the register of information, the performance of penetration tests, or the scope of this new regulation."
This study analyzes ransomware negotiations through a social psychological lens, identifying three phases and distinct negotiation strategies. It offers practical insights for organizations to enhance resilience by understanding threat actor tactics and tailoring response protocols for effective negotiation.
The paper examines how managers strategically adjust the tone of soft information in ESG reports to maximize compensation. It highlights the trade-offs between exaggeration, internal controls, and future reputational costs. Strong incentives with weak controls lead to extreme biases, impacting regulatory decisions, corporate governance, and investor evaluations of ESG disclosures.
A structured IT outsourcing risk management policy is crucial for navigating third-party service complexities. This study proposes a framework integrating IT outsourcing principles with COBIT standards, covering risk identification, analysis, mitigation, and ongoing monitoring. Implementing this policy enhances organizational asset protection and operational continuity, and minimizes outsourcing risks. It improves information security and business process efficiency. This framework provides practical guidance for organizations to effectively manage risks and optimize IT outsourcing value.