skip to navigation skip to content
 

Emerging and systemic risks

Centre for Risk Studies

The modern knowledge economy is increasingly reliant on information technology, communication systems, and infrastructure service continuity. Exploring the emerging risk of disruption and catastrophic failure of these critical systems is a key theme of research at the Centre. Understanding cyber risk and the potential for massive failure of interconnected infrastructure systems requires a detailed technical appraisal of complex engineering interactions, a domain-specific assessment of the threat, and a risk analysis framework.  

Emerging risks

The Centre continues to monitor emerging risks and changes in the risk landscape. The Centre has a growing network of subject matter specialists on different threat types. Keeping abreast of the latest events, science, and interpreting the implications of changes for risk management is an important part of the research agenda. As new threats arise, these are examined through a standardised process of risk assessment. 

Understanding systemic risks

In light of their importance during the 2008 financial crisis, many business, financial institutions, and investors are striving to improve their understanding of systemic risks. The Centre for Risk Studies’ research programme contributes to the understanding of systemic risks, through mapping networks of interconnectivity, trade, and counterparties, and tracing the contagion and propagation mechanisms to amplify shocks through the system.

Cyber risk research

The Cambridge Centre for Risk Studies has been playing a leading role in research into cyber catastrophe risk since its earliest publications in 2013. The Centre’s approach includes developing an understanding of the cyber threat landscape resulting from different technological attack vectors, actors and motivations, and conceptualising potential scenarios of loss. The framework provides a method of assessing the economic and social impact of future cyber attacks. It also captures risk correlation structures and the potential for systemic cyber catastrophes to impact society, insurance companies, and national governments. This covers various mechanisms of cyber loss to the corporate ‘cyber’ economy. 

Cyber insurance accumulation risk

The Centre has played a significant role in helping develop the growing market for cyber insurance through creating data standards for monitoring cyber insurance exposure and developing accumulation scenarios for systemic cyber insurance losses in both affirmative (IT) and silent (OT) exposure. 

Interdependencies in critical national infrastructure

A major area of societal concern is the potential for failures of critical national infrastructure, which lead to systemic impact. The Centre has analysed a number of scenarios of failure of critical national infrastructure, including cyber attacks, solar storms, and interdependencies and cascading failures such as interruptions to water, telecommunications and transportation services following a power loss. 

The interaction and vulnerability of national infrastructure is an important theme for research. It involves understanding how power, communications, energy networks, transport and other systems rely on each other and their critical vulnerabilities to disruptive threats. Interdependencies between failure modes of infrastructure, whether digital or physical, continue to be an area of focus for the Centre.

Further resources

The loss of sensitive information gets all the headlines, but lesser-known threats from cyber attacks also deserve attention.

Read more

Research teams at CRS and AIG presented the science behind the analysis and discussion of the Helios Solar Storm Scenario Research Report.

Find out more

Blog: cyber risk

The Age of Ransomware: mitigating the next cyber heartbreak after WannaCry

A cyber catastrophe has occurred. A little before noon on Friday, 12 May 2017, a highly virulent strain of the ransomware WannaCry (known as WannaCrypt) began to spread through Windows systems worldwide, crippling the NHS healthcare system, Russian government ministries and French automobile plants, and ultimately impacting more than 200,000 computers in 150 countries by […]

Read more

Cyber-extortionists Take a Bite at Apple – Update

The Turkish Crime Family (TFC) versus Apple cyber extortion case is unique in being one of the first widely reported incidents of a large tech company being subjected to extortion. TCF claimed access to hundreds of millions of iCloud accounts, which they threatened to wipe if Apple did not pay a ransom (the amount in […]

Read more