Bank cyber chiefs at odds over risk models

Vast scope of threats makes modelling unfeasible, say practitioners

Cyber protection
Not so easy: can risk models ever accurately capture cyber risk?

An old business adage holds that ‘you can’t manage what you can’t measure’. This is especially apposite in risk management. Banks have spent several decades and billions of dollars developing models to estimate potential losses from market and credit risks, but many chief information security officers (CISOs) confess to being unable to measure their exposure to cyber risk with anything like the same degree of accuracy.

“Wouldn’t it be great if CISOs had something like credit risk [modelling]

Only users who have a paid subscription or are part of a corporate subscription are able to print or copy content.

To access these options, along with all other subscription benefits, please contact or view our subscription options here:

You are currently unable to copy this content. Please contact to find out more.

Sorry, our subscription options are not loading right now

Please try again later. Get in touch with our customer services team if this issue persists.

New to View our subscription options

You need to sign in to use this feature. If you don’t have a account, please register for a trial.

Sign in
You are currently on corporate access.

To use this feature you will need an individual account. If you have one already please sign in.

Sign in.

Alternatively you can request an individual account here