Cyber risk remains at the top of the list of risks to the financial system, and the financial system is well known as the primary target for hackers (see here, here and here). In response, financial institutions expend huge resources on protecting their information systems—by one estimate, well over $100 billion. Yet, private sector actions to prevent cyber losses fall short due to a glaring externality: since the damage is likely to spill over to other financial firms and to markets, individual firms cannot reap the full benefits of preventing cyber attacks.

To get a sense of the financial stability risks associated with cyber fragility, we need to understand the financial system in some detail. Unfortunately, financial networks are highly complex and vary significantly across markets and functions. They also evolve meaningfully over time. On top of these enormous challenges, assessing network vulnerabilities frequently requires institution- or transactions-level information that is normally not publicly available.

This brings us to the important recent work of Eisenbach, Kovner and Lee (EKL), who study the vulnerability of the U.S. large-value interbank payments system, Fedwire, to a cyber attack on one of the principal nodes of the payments network—namely, one of the top five banks. In this post, we highlight EKL’s analysis as a model for the assessment of cyber-driven network risks. We suggest how central bankers should react to a cyber attack on the payments system, and speculate about what is needed to prevent, as well as mitigate, cyber risks….