This paper examines cyber security issue in banks during Covid 19 pandemic. The objective of the work is to propose a model for the management and control of cyberisk, based on the identification of the most complete methods of evaluation, in qualitative and quantitative terms, and thus able to better describe the possible impacts of its manifestation on the bank's business. The document provides some answers to the issues of covid-19 impact on bank's cyber security and the possibility to define a cyberisk governance structure able to support the challenges and the new policies to include in the Risk appetite framework, for more incisive mitigation of cyberisk during the pandemic. This study applies a case study approach. It is based on quantitative data and qualitative information obtained through semistructured interviews and questionnaires addressed to the chief risk officer and its officers for operational and IT risk. The research contributes to the literature by proposing a framework for the management and control of cyber risk based on a mapping of IT assets and operational risk and their relationships.
Cyber Security in the Age of Covid 19 Pandemic: An Empirical Model to Manage the Risk in Banks
Giuseppina Iacoviello;Elena Bruno;Iacopo Cavallini
2021-01-01
Abstract
This paper examines cyber security issue in banks during Covid 19 pandemic. The objective of the work is to propose a model for the management and control of cyberisk, based on the identification of the most complete methods of evaluation, in qualitative and quantitative terms, and thus able to better describe the possible impacts of its manifestation on the bank's business. The document provides some answers to the issues of covid-19 impact on bank's cyber security and the possibility to define a cyberisk governance structure able to support the challenges and the new policies to include in the Risk appetite framework, for more incisive mitigation of cyberisk during the pandemic. This study applies a case study approach. It is based on quantitative data and qualitative information obtained through semistructured interviews and questionnaires addressed to the chief risk officer and its officers for operational and IT risk. The research contributes to the literature by proposing a framework for the management and control of cyber risk based on a mapping of IT assets and operational risk and their relationships.I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.