
A new perspective on cyber risk, applied to the UK FMI ecosystem

Posted 31 May 2019

Applying the benefit harm index (BHI), a new approach to modelling risk assessment of cyber ecosystems and their socio-economic impacts, to the UK’s evolving financial markets infrastructure (FMI) ecosystem.

Within an increasingly complex and interconnected world, the way in which cyber threats are perceived and responded to needs to be reconsidered. Traditional risk models rely heavily on probabilistic approaches, which demand stable distribution and almost complete knowledge of all possible states.

New advances in digital technologies, combining huge data, rapidly evolving automated algorithms and the prospect of a generational shift in network speed and capacity, pose serious challenges to traditional risk modelling. Through the Hermeneut project (part of the European Community’s Horizon 2020 programme) Digital Catapult has proposed a new approach to understanding dynamic and emergent threats: the benefit harm index (BHI), which integrates ideas from both economics and complexity science.

This report shows how this exciting new perspective on cyber risk modelling can be applied to the cyber ecosystems that form many of today’s critical national infrastructures (CNI) – complex systems of systems that exhibit emergent behaviour and require a new approach to cyber risk assessment. This study looks at the systemic socio-economic impacts that can result from cyber attacks associated with emergent threats to CNI cyber ecosystems, and uses the UK financial markets infrastructure (FMI) ecosystem as a case study for the new BHI approach.

The UK FMI ecosystem is part of the UK economy and is one of the UK’s 13 CNI components. Systemically important FMIs play an essential role in the financial system, and the disorderly failure of such an FMI could lead to severe systemic disruption if it caused markets to cease to operate effectively.

A high-level ecosystem for 2020-30 has been modelled to focus on the critical FMI operational systems domain, and on the associated domains of UK governance, the supply chain and wider non-critical core services.

Finally, the report describes the approach that can be used to mitigate the growth of harm within these complex systems of systems, and highlights the use of the Implication Wheel™ methodology to uncover emergent systemic threats to the UK FMI cyber ecosystem.
