Cyber Risk Conference: Putting Metrics Into Action

Quantum computing-an advanced form of computing that uses quantum mechanics to perform calculations much faster than classical computers-was another critical topic. As quantum computing advances, it may be able to break current encryption methods. Industry experts at the conference agreed that this will require firms to rethink data processing, storage and digital infrastructure protection, necessitating years of preparation.

The conference also highlighted the debate between skeptics of cyber risk quantification efforts and those who view these analytics as indispensable. Discussions centered on data quality and the lessons learned from past incidents. Despite mixed opinions on the consistency of existing metrics, there was a general consensus that enhanced data collection and sharing could help remediate current modeling deficiencies. Combining quantitative analysis with structured scenario design and expert judgment was identified as a powerful strategy for improving cybersecurity hygiene.

An international panel discussed the potential impact of severe cyber incidents on financial system stability to global financial stability. The panel agreed that without redundancies in critical service providers, cyber events can quickly turn into liquidity shocks. This discussion brought the challenge of third-party risk management into focus, emphasizing the need for a coordinated effort involving national authorities, regulators, private corporations and technical specialists to build a robust and integrated cyber defense ecosystem.

This year's conference underscored the importance of collaboration between government, industry, and academia to stay ahead of evolving cyber threats. By refining measurement and models, the financial sector can better manage cyber risks and ensure the resilience of the financial system. The Richmond Fed has fostered this collaboration since the first conference in 2022 and will continue to support the important focus on cybersecurity metrics and modeling in financial services.

Lisa White, Executive Vice President for Supervision, Regulation and Credit, closed the conference with this commitment: "After the past two days, it's even clearer to me that we need to remain laser focused on this topic. Given the pace of change in this area, we are never going to fully solve or eliminate the challenges that have been discussed. This is why the opportunity to convene this type of group of experts is so helpful. Going forward, we plan to complement this conference with regular, focused engagement between the financial industry, academia and government to help navigate the uncertain and complex road ahead more effectively."

An important part of the Fed's role in helping to ensure a safe, sound and stable banking and financial system is the supervision of banks' cyber risk management practices. At the Richmond Fed, our Supervision, Regulation and Credit team partners with the Board of Governors and other Reserve Banks across the Federal Reserve System to provide financial institutions with resources and training opportunities to complement their cyber risk practices. An executive summary of the conference can be found here. For more information or to be added to the mailing list for upcoming events, please email [email protected].