We model how a cyber attack may be amplified through the U.S. financial system, focusing on the wholesale payments network. We estimate that the impairment of any of the five most active U.S. banks will result in significant spillovers to other banks, with 38 percent of the network affected on average. The impact varies and can be larger on particular days and in geographies with concentrated banking markets. When banks respond to uncertainty by liquidity hoarding, the potential impact in forgone payment activity is dramatic, reaching more than 2.5 times daily GDP. In a reverse stress test, interruptions originating from banks with less than $10 billion in assets are sufficient to impair a significant amount of the system. Additional risk emerges from third-party providers, which connect otherwise unrelated banks.
The New York Fed reserves the right to require pre-publication changes to papers appearing in its working paper series Staff Reports. Such changes are strictly limited to ensuring that Staff Reports do not offer concrete predictions about impending monetary policy or regulatory actions, or otherwise violate applicable rules on the use of confidential information or standards of professional conduct. In addition, Staff Reports must not violate contractual obligations to data vendors.
While management in the Research Group may suggest substantive changes to Staff Reports on the basis of criteria other than those specified in the above paragraph, whether and how to respond to such suggestions are at authors’ sole discretion. Authors of Staff Reports are solely responsible for ensuring that all claims made in their work are well supported by evidence and that limitations of the analysis are clearly described.