Recently, the Bank of Japan (BoJ) released a semiannual report that included critical statistics from the Center for International and Security Studies at Maryland (CISSM) and the Center for Governance of Technology and Systems (GoTech) Cyber Events Database.
The Cyber Events Database provides open-source information on a range of publicly acknowledged cyber events affecting both private and public organizations. It includes events from 2014 to the present and has standardized information on threat actors, threat actor countries, motives, targets, end effects, industry, and country impact. The taxonomic system used to sort cyber events in the database, which has been featured in the pages of the Journal of Information Warfare, was originally developed at CISSM by GoTech Director Charles Harry and CISSM Director Nancy Gallagher.
BoJ noted the Cyber Events Database in its semiannual Financial System Report’s section on determining risks brought about by changes in the business environment related to digital technology.
“The BoJ along with other institutions are utilizing the cyber events dataset to draw insight into what actors are targeting the financial sector and what effects they are achieving,” said Harry. “The revealed preference of the attackers provides a deeper understanding of the risks posed by the range of attackers.”
As the report notes, the spread of digital technology allows financial institutions to improve operational efficiency and provide services; however, it also becomes a new source of business and operational risk. In Chart IV-5-1 labeled “Number of Global Cyber Attacks,” the report drew statistics from the database for the period 2017 to 2022, where it displays the number of cyber attacks worldwide, including total attacks in the US, other countries, and Japan.
The operational impact of cyber attacks on financial institutions has become more significant in this period, according to the report. However, CISSM/GoTech data shows that cyber attacks in Japan are less prevalent than attacks overseas. Despite this, as of 2020, the BoJ report determines that corporate ransomware incidents are increasing, as demonstrated by Chart IV-5-2, showing statistics from Japan’s National Police Agency and National Center of Incident Readiness and Strategy for Cybersecurity (NISC). The BoJ emphasized the continued concern of financial institutions regarding cyber risks and called for implementing risk-mitigation strategies.
In addition to the BoJ, the European Central Bank, Deutsche Bundesbank, Banco de España, National Institute of Standards and Technology (NIST), and International Monetary Fund are all currently leveraging the Cyber Events Database for their own analysis.