Skip to main content
Friday, April 24, 2020

Inaugural Volatility and Risk Institute Conference

Cyber Resilience in the Time of COVID-19: Managing the Consequences of Risk Contagion

Inaugural Volatility and Risk Institute Conference - Cyber Resilience in the Time of COVID-19: Managing the Consequences of Risk Contagion

Friday, April 24, 2020 | 9:00am - 1:00pm ET

Our conference on “Cyber Resilience in the Time of COVID-19: Managing the Consequences of Risk Contagion.” was held virtually on Friday, April 24, 2020. The webinar consisted of two panels, a fireside chat, and an update from our Directors about our latest research. Additionally, we released pre-recorded videos of our conference paper sessions. A full program and videos of the session can be found below. 

9:00am - 9:40am: Welcome to the VRI and What's New in VLAB (Video | Slides)
Robert Engle & Richard Berner (Co-Directors, Volatility and Risk Institute)

9:45am - 10:30am: Fireside Chat on Cyber Risk Measurement and Scorecards (Video | Paper 1 | Paper 2)
Phil Venables (Senior Advisor, Goldman, Sachs & Co.) interviewing Jack Freund (Director, Risk Science, RiskLens; Fellow of the FAIR Institute)

10:45am - 11:45am: Panel - Practitioner Approaches to Cyber Resilience (Video)
Moderator: Judith Germano (Distinguished Fellow, NYU Center for Cybersecurity and NYU Center on Law & Security)
Melissa Hathaway (President, Hathaway Global Strategies, LLC)
Simon Hunt (EVP, Cyber-Security Product Innovation, Mastercard)
Shamla Naidoo (VP Managing Partner, IBM Security)

12:00pm - 1:00pm: Panel - Cyber Insurance in the Age of COVID-19 (Video)
Moderator: Randal Milch (Professor of Practice, NYU School of Law)
Jeffrey Bohn (Chief Research & Innovation Officer and Head of Research & Engagement, Swiss Re)
Matthew McCabe (Senior Vice President, Marsh Cyber Practice)
Matthew Prevost (Senior Vice President, Cyber Product Manager, Chubb)

Recorded Paper Sessions
Hilary J. Allen (American University, Washington College of Law) - “Payments Failure” (Video | Paper)
Antoine Bouveret (European Securities and Markets Authority) - "Losses Due to Cyber Risk and Concentration Risks Related to Cloud Providers for the Financial Sector" (Video | Paper | Slides)
Michael Lee (Federal Reserve) - “Cyber Risk and the U.S. Financial System: A Pre-Mortem Analysis” (Video | Paper)
Jonathan Welburn (RAND) – “Systemic Cyber Risk and Aggregate Impacts” (Video | Paper)
René M. Stulz (Ohio State University) - “Risk Management, Firm Reputation, and the Impact of Successful Cyberattacks on Target Firms” (Paper)

Industry, government and civil society are properly concerned with how to better allocate societal resources to the endless struggle over cybersecurity. The sophistication of threats and society’s attack surface will continue to increase and as we continue to digitize our lives the effects of incidents will be more keenly felt, which makes mitigating the effects of inevitable losses — resilience — a critical response to cyber insecurity. That’s especially true in the midst of the COVID pandemic; businesses and workers rely now more than ever on IT-enabled remote engagement, and business models are evolving rapidly.

This year's VRI Conference will center on two inter-related and important aspects of resilience to cyber attacks on our critical infrastructures:

First, the risks flowing from an attack on critical infrastructure likely will propagate across sectors of our society in complex and surprising ways. For example, a successful attack on the power grid could cripple businesses, governments and households, spilling over adversely into food, shelter, health, and essential services, not to mention information and financial services, and creating contagion. These spillovers and the interconnectedness of our world means that understanding and capturing the risks from a cyber failure is a multi-sectoral, interdisciplinary exercise. The conference will feature efforts to assess and analyze such spillovers.

Second, risk propagation requires risk mitigation to propagate as well. To build resilience, every link in the chain matters, both strong and weak. Effective mitigation may will see resources allocated to a sector that is seemingly small and/or far removed from the one suffering the cyber attack, but which is connected to it. Building multi-sector resiliency is complex: What information is needed to assess propagating risks and mitigation efforts? How should the efforts to capture, analyze and monitor propagating risks and mitigation efforts be organized; what are the proper roles for businesses, governments and citizens? What incentives are needed to foster these multi-sector efforts? How should the costs of these efforts be captured and paid for? How should nations collaborate and coordinate these efforts across borders? And how can these risks be hedged or insured against? The conference will try through individual and panel presentations to answer these questions.

For information on past Volatility and Risk Institute conferences, you can visit our past conference page.