Nos derniers articles

The EU Cyber Resilience Act (CRA) establishes cybersecurity standards for connected digital products across the EU. The act aims to enhance transparency and reduce vulnerabilities through risk-based assessments and a CE (Conformité Européenne) marking scheme. While the CRA is seen as a crucial step to address systemic digital risks and regulatory gaps, this analysis suggests it is premature and underdeveloped. The paper raises concerns about the feasibility of its implementation, particularly for small and medium-sized enterprises (SMEs), and highlights challenges with standardized norms and third-party assessment frameworks. The CRA's success, the paper concludes, will depend on its adaptability and sensitivity to economic realities, suggesting it could otherwise hinder innovation.

There is an increasing AI use in insurance—50% in non-life, 24% in life. To address emerging risks, undertakings must clarify supervisory responsibilities, maintain full accountability, and implement proportionate governance. Risk managers should conduct impact-based assessments, emphasizing data sensitivity, consumer impact, and financial exposure. Strong governance includes fairness, data quality, transparency, cybersecurity, and human oversight. Oversight extends to third-party providers, with contractual safeguards required. AI systems must align with existing frameworks like ERM and POG, ensuring traceability, explainability, and resilience throughout their lifecycle. Supervisory convergence across the sector remains a key regulatory goal.

The paper 𝙏𝙝𝙚 𝙍𝙚𝙜𝙪𝙡𝙖𝙩𝙞𝙤𝙣 𝙤𝙛 𝘿𝙖𝙩𝙖 𝙋𝙧𝙞𝙫𝙖𝙘𝙮 𝙖𝙣𝙙 𝘾𝙮𝙗𝙚𝙧𝙨𝙚𝙘𝙪𝙧𝙞𝙩𝙮 by Jasmin Gider (Tilburg University - Tilburg University School of Economics and Management), Luc Renneboog (Tilburg University - Department of Finance), and Tal Strauss (European Central Bank ECB) compares and contrasts the regulatory landscapes of data privacy and cybersecurity in the EU and the US. It outlines the fragmented nature of US regulations, often relying on state-specific laws and sectoral approaches, in contrast to the EU's more unified framework like 𝗚𝗗𝗣𝗥 and 𝗡𝗜𝗦 Directives. The text details the increasing costs and frequency of cyber incidents, emphasizing the insufficient mandatory disclosure requirements in both regions. Furthermore, it identifies gaps in current legislation and ongoing efforts, such as the 𝗘𝗨'𝘀 𝗖𝘆𝗯𝗲𝗿 𝗥𝗲𝘀𝗶𝗹𝗶𝗲𝗻𝗰𝗲 𝗔𝗰𝘁 and the US.'s 𝗖𝗜𝗥𝗖𝗜𝗔, to enhance 𝗱𝗶𝗴𝗶𝘁𝗮𝗹 𝗿𝗲𝘀𝗶𝗹𝗶𝗲𝗻𝗰𝗲 and address underinvestment in 𝗰𝘆𝗯𝗲𝗿𝘀𝗲𝗰𝘂𝗿𝗶𝘁𝘆.

EU/EEA banks are required to integrate geopolitical risk into their business processes and risk assessments, focusing on exposures to vulnerable sectors amid heightened global tensions. Maintaining operational resilience is essential as banks face rapid changes in geopolitical and technological environments, with increased investment in cybersecurity a priority. As defense financing needs rise, banks must apply robust underwriting standards. Market volatility underscores the importance of prudent capital buffer management and timely bond issuance. Effective cost and provision management, sustainable revenue strategies, and the integration of ESG risks into risk frameworks are also mandated.

This study explores how Machiavellianism, a manipulative personality trait, fuels malicious insider behavior through the Fraud Triangle’s elements: pressure, opportunity, and rationalization. Analyzing 768 U.S. employees via PLS-SEM, researchers found Machiavellianism strongly influences all three, with rationalization as the primary driver of unethical intent. The findings highlight rationalization’s role in justifying malicious acts, urging organizations to bolster ethical cultures and accountability to curb insider threats. By linking personality traits to situational factors, the study enhances cybersecurity risk modeling and advocates for behaviorally informed insider threat prevention strategies.

The German and European banking sector is undergoing rapid transformation due to digitalization, ESG integration, regulatory changes, demographic shifts, and increased competition from FinTechs. Key challenges include managing complexity, leveraging AI and data, optimizing business models, and ensuring resilience and security. Banks must adapt quickly to survive, with successful integration of AI and ESG being crucial. Consolidation and evolution towards technology-driven or platform-based approaches are likely. Banks face a "transformation trilemma" of managing digital, regulatory, and ESG changes while maintaining profitability.
THE PAPER IS IN GERMAN

For years, "continuous monitoring" in cybersecurity lacked a clear definition, forcing improvised security practices. This paper introduces QUARC, a formal model that quantifies cybersecurity risk and links it to precise detection and response times. QUARC provides a robust, weight-free probabilistic risk function, translating this risk into concrete operational cadences using hazard and queue theories. This model offers a universal standard, allowing regulators to enforce testable compliance, security teams to monitor real-time conformance, and insurers to price risk accurately. QUARC transforms a vague policy into a measurable, enforceable reality, closing a critical loophole exploited by attackers.

This study analyzed six years of 10-K filings from 45 firms affected by ransomware, labeling 6,282 cybersecurity-related statements. Findings show disclosures increasingly focus on prospective risks and mitigation strategies, but fewer than half mention incident responses, revealing a lack of transparency. Firms often fail to connect potential risks to actual damages, highlighting limited awareness of ransomware threats.

State-sponsored cyberattacks are a growing and serious threat to financial stability, particularly as geopolitical tensions rise. The financial sector and regulators must prioritize cyber resilience and coordinated defense strategies to mitigate systemic risk.

Researchers proposed a new risk metric for evaluating security threats in Large Language Model (LLM) chatbots, considering system, user, and third-party risks. An empirical study using three chatbot models found that while prompt protection helps, it's not enough to prevent high-impact threats like misinformation and scams. Risk levels varied across industries and user age groups, highlighting the need for context-aware evaluation. The study contributes a structured risk assessment methodology to the field of AI security, offering a practical tool for improving LLM-powered chatbot safety and informing future research and regulatory frameworks.