The German and European banking sector is undergoing rapid transformation due to digitalization, ESG integration, regulatory changes, demographic shifts, and increased competition from FinTechs. Key challenges include managing complexity, leveraging AI and data, optimizing business models, and ensuring resilience and security. Banks must adapt quickly to survive, with successful integration of AI and ESG being crucial. Consolidation and evolution towards technology-driven or platform-based approaches are likely. Banks face a "transformation trilemma" of managing digital, regulatory, and ESG changes while maintaining profitability.
The paper is in German.
49 results for "cybersecurity"
A Formal Risk‑Driven Definition of Continuous Monitoring in Cybersecurity: The QUARC Model
For years, "continuous monitoring" in cybersecurity lacked a clear definition, forcing improvised security practices. This paper introduces QUARC, a formal model that quantifies cybersecurity risk and links it to precise detection and response times. QUARC provides a robust, weight-free probabilistic risk function, translating this risk into concrete operational cadences using hazard and queue theories. This model offers a universal standard, allowing regulators to enforce testable compliance, security teams to monitor real-time conformance, and insurers to price risk accurately. QUARC transforms a vague policy into a measurable, enforceable reality, closing a critical loophole exploited by attackers.
How Informative are Cybersecurity Risk Disclosures? Empirical Analysis of Breached Firms
This study analyzed six years of 10-K filings from 45 firms affected by ransomware, labeling 6,282 cybersecurity-related statements. Findings show disclosures increasingly focus on prospective risks and mitigation strategies, but fewer than half mention incident responses, revealing a lack of transparency. Firms often fail to connect potential risks to actual damages, highlighting limited awareness of ransomware threats.
ECB: Cyber threats to financial stability in a complex geopolitical landscape
State-sponsored cyberattacks are a growing and serious threat to financial stability, particularly as geopolitical tensions rise. The financial sector and regulators must prioritize cyber resilience and coordinated defense strategies to mitigate systemic risk.
A Proposal for Evaluating the Operational Risk for Chatbots Based on Large Language Models
Researchers proposed a new risk metric for evaluating security threats in Large Language Model (LLM) chatbots, considering system, user, and third-party risks. An empirical study using three chatbot models found that while prompt protection helps, it's not enough to prevent high-impact threats like misinformation and scams. Risk levels varied across industries and user age groups, highlighting the need for context-aware evaluation. The study contributes a structured risk assessment methodology to the field of AI security, offering a practical tool for improving LLM-powered chatbot safety and informing future research and regulatory frameworks.
The Cyber Due Diligence Object Model (CDDOM): Bridging Compliance, Risk, and Trust in the Digital Ecosystem
The Cyber Due Diligence Object Model (CDDOM) is a structured, extensible framework designed for SMEs to manage cybersecurity due diligence in digital supply chains. Aligned with regulations like NIS2, DORA, CRA, and GDPR, CDDOM enables continuous, automated, and traceable due diligence. It integrates descriptive schemas, role-specific messaging, and decision support to facilitate supplier onboarding, risk reassessment, and regulatory compliance. Validated in real-world scenarios, CDDOM supports automation, transparency, and interoperability, translating compliance and trust signals into machine-readable formats. It fosters resilient, decision-oriented cyber governance, addressing modern cybersecurity challenges outlined in recent research.
A stochastic Gordon‑Loeb model for optimal cybersecurity investment under clustered attacks
This study extends the Gordon–Loeb model for cybersecurity investment by incorporating a Hawkes process to model temporally clustered cyberattacks, reflecting real-world attack bursts. Formulated as a stochastic optimal control problem, it maximizes net benefits through adaptive investment policies that respond to attack arrivals. Numerical results show these dynamic strategies outperform static and Poisson-based models, which overlook clustering, especially in high-risk scenarios. The framework aids risk managers in tailoring responsive cybersecurity strategies. Future work includes empirical calibration, risk-averse loss modeling, cyber-insurance integration, and multivariate Hawkes processes for diverse attack types.
Cybersecurity and Data Protection in the European Union: The Role of GDPR and the NIS Directive
The EU prioritizes cybersecurity and data protection due to rising cyber threats and digital transformation. It employs regulations like GDPR for personal data and the NIS Directive for critical infrastructure resilience. This study analyzes their impact, challenges, and interplay, also comparing them globally to assess effectiveness in safeguarding digital security and fostering trust.
Cyber Risk and Distrust of the Quality of Information
Increased cyber risk drives U.S. banks to diversify information sources, especially large, nationally chartered banks. This suggests cyber threats erode data confidence, forcing banks to seek verification. Specialized institutions are more vulnerable to data integrity disruptions.
Cybersecurity and Macroeconomy With Neoclassical Growth Model
This study integrates cybersecurity risks into a neoclassical growth model, revealing that proactive investments enhance long-term stability, while industry-specific vulnerabilities (capital-intensive resilience vs. labor-intensive disruptions) and systemic risks affect macroeconomic resilience. Optimal resource allocation, adaptive risk strategies via Bayesian updating, and prioritizing cybersecurity in long-term planning balance security with growth.