Businesses and governments around the globe now recognize cyber insecurity as one of the top risks facing their organizations and their civil and economic infrastructures. The risk that critical information may be stolen or corrupted, public and private assets may be compromised or destroyed, and a cyber attack may bring overall loss of confidence in economic and governmental activity are real and prevalent threats. In collaboration with the NYU Center for Cybersecurity and other faculty, the Volatility and Risk Institute is focusing on cyber threats and their interplay with political, societal and economic risks. VRI’s ongoing analysis of the evolving nature of cyber risks will inform business risk management and protocols as well as government policies and actions.
Measuring and assessing the origins and consequences of cyber risks are essential first steps. We intend to explore and develop metrics for assessing and managing cyber and operational risk, and to share them with business and policy decisionmakers via VLAB.
Our latest research on Cyber Risk
- Arcelus, Almudena, Brian Ellman, and Randal S. Milch. "How Much is Data Security Worth?" Scitech Lawyer 15.3 (2019): 10-15.
- Amoroso, Edward, Cyber Attacks: Protecting National Infrastructure. Elsevier, 2012.
- Berner, Richard, “How to Focus Cybersecurity Efforts on Financial Stability,” February 15, 2017, OFR Blog.
- Germano, Judith, “Cybersecurity Risk & Responsibility in the Water Sector,” American Water Works Association, 2019.
- Germano, Judith, “Third-Party Cyber Risk & Corporate Responsibility,” Center for Cybersecurity, 2017.
- Germano, Judith, and Zachary Goldman. "After the Breach: Cybersecurity Liability Risk." The Center on Law and Security, New York University School of Law (2014).
- Germano, Judith. "Cybersecurity Partnerships: A New Era of Public-Private Collaboration" NYU Center on Law and Security (2014).
- Memon, Nasir, and Hossein Siadati, “Detecting Structurally Anomalous Logins Within Enterprise Networks,” CCS '17 Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security, p. 1273-1284.