State and local governments are attractive cybercrime targets because of inadequate cybersecurity and ample access to sensitive information. We show that external data breaches translate to higher financing costs for governments, including negative abnormal bond returns in the secondary market and higher offering yields and bond pricing uncertainty in the primary market. We also find that governments increase total spending around cyberattacks, suggesting higher operating costs as the likely channel behind the spike in financing costs. Exploiting state-level variation in the timing of both breach notification and data security laws, we show that they have not significantly strengthened cybersecurity.


Little is known about fraud in the financial services sector. Using a rich supervisory dataset, this study dissects fraud at large U.S. banking organizations. We examine the different categories of fraud and their materiality, the recovery from fraud, the time from fraud occurrence to fraud discovery and accounting. We quantify exposure to fraud and study the determinants of fraud at the banking organization level. Lastly, we document a significant effect of fraud on bank credit intermediation. Overall, our analysis provides new, detailed evidence on fraud in the U.S. financial services industry, and its costs and consequences.


Trade secret theft, and more broadly intellectual property (IP) theft, have resurfaced to the public attention amid the U.S.-China geopolitical conflict. In this paper, we document the detrimental effects of IP theft on innovation at the targeted firms whose trade secrets are stolen. Following the theft, targeted firms display a persistent drop in innovation outcomes, including the number of patents, patent value, and patent impact. These firms experience a decline in profitability, indicating that IP theft hurts their economic prospects. Importantly, the adverse effects of trade secret theft also spill over to the business partners of the targeted firms.


Using supervisory data from large U.S. bank holding companies (BHCs), we document that BHCs suffer more operational losses during episodes of extreme storms. Among different operational loss types, losses due to external fraud, BHCs' failure to meet obligations to clients and faulty business practices, damage to physical assets, and business disruption drive this relation. Event study estimations corroborate our baseline findings. We further show that BHCs with past exposure to extreme storms reduce operational losses from future exposure to storms. Overall, our findings provide new evidence regarding U.S. banking organizations' exposure to climate risks with implications for risk management practices and supervisory policy.


The failure of Silicon Valley Bank (SVB) brought renewed attention to the risk to financial institutions of runs on their deposits. In this paper, we propose a framework to determine whether conditions exist for banks to experience runs. We compare the performance of our method with several alternative measures of bank fragility. Our measure is able to identify weak banks earlier and as accurately as any of the alternatives, and at much lower cost in terms of falsely identifying banks as weak. The results indicate that this metric could be used to help banks effectively manage their balance sheets to avoid creating conditions where depositors have an incentive to run.


This paper explores the impact of media sentiment on bank supervision, focusing on the supervisory ratings of bank holding companies assigned by the Federal Reserve System. We uncover a significant impact of media sentiment on supervisory ratings by employing a robust instrumented differences-in-differences strategy. We show that the effect is predominantly driven by negative media articles, suggesting an inherent negativity bias. The effect is moderated by examiner experience and exam duration.


The stock market typically reacts negatively to the announcements of operational losses at U.S. financial institutions. We find significant evidence of opportunistic insider trading, with insiders saving an average of $67,357 through timely selling in the two months before the announcement of an operational loss. The results are concentrated among top executives and directors. Opportunistic behavior is muted for insiders with legal expertise. The results have implications for the U.S. Security and Exchange Commission’s goal of tightening restrictions on insider trading in an environment of intensifying operational risks from cyber threats and new financial technologies.


Gaps in the data available for assessing cyber risk have limited the development of metrics that would help the public and private sectors prevent and recover from cyberattacks and reduce systemic risk. Cyber incident disclosure rules, introduced to close the data gaps, help but fall short in supporting the effective management of cyber risk. This article examines current and proposed reporting requirements, especially in the financial sector, where they are the most advanced. It describes the data gaps that remain and discusses how moving toward a better and harmonized cyber incident data collection rule could improve cybersecurity and reduce the risk of catastrophic cyber incidents.