Cyber Risk Measurement

Joint work of MIT, the Federal Reserve Bank of Richmond, and the Federal Reserve Board

MIT, the Federal Reserve Bank of Richmond, and the Federal Reserve Board are sponsoring a multi-part series dedicated to exploring the relationship between cyber incidents, measurable associated losses, and cyber risk modeling. Our research aims to identify common approaches to data collection, relevant definitions, and risk measurements, along with computational techniques that enable necessary data insights while preserving sensitive, proprietary information. Additionally, we seek to highlight key themes in the cyber risk realm by bringing together a broader set of leaders from industry, academia, the Federal Reserve and other supervisory agencies.

As part of this effort, MIT and partners from academia and industry will be forming an expert working group to build an analytical framework for measuring cyber risk within the financial service industry and identifying indicators to support the measurement. This will provide a new foundation for measuring cyber risk in the industry and allow organizations to benchmark themselves privately against industry averages.

Events and Publications


Sept. 7 – 8, 2022

We held the Federal Reserve / MIT Conference on Measuring Cyber Risk in the Financial Services Sector on September 7-8, 2022.


March 1 – 2, 2022

Understanding the impact of cyber attacks on our financial system remains an essential goal for the private sector, policy-makers and academic researchers.


Written by Filippo Curti, Jeffrey Gerlach, Sophia Kazinnik, Michael Lee and Atanas Mihovāˆ—

Abstract: Cyber risk is undeniably one of the most critical emerging risks to the financial industry.