The Cyber Risk of Non-Financial Firms
摘要
This Chapter develops a novel firm-level indicator to assess cyber risk vulnerability among Italian non-financial firms, leveraging advanced artificial intelligence techniques, including natural language processing and large language models. The indicator is constructed from a rich and heterogeneous dataset that integrates financial statement disclosures, press articles, and specialized cybersecurity sources. A taxonomy tailored to the Italian context enables the structured extraction of cyber-related information, encompassing both the occurrence of cyberattacks and the implementation of defensive measures. Our findings reveal a marked increase in the frequency and diversity of cyber incidents since 2019, with firms exhibiting persistent structural weaknesses in their cybersecurity posture. Notably, the impact of a cyberattack on the vulnerability index is immediate and substantial, often outweighing the mitigating effects of defensive actions, which tend to materialize gradually. Furthermore, firms demonstrate a tendency to enhance cybersecurity-related disclosures in financial reporting following an incident, suggesting a reactive adjustment in governance and transparency practices. These dynamics underscore the relevance of cyber risk as a material factor in credit risk assessment. The proposed indicator offers a foundation for integrating cyber risk into probability of default models, with potential applications in supervisory frameworks and financial stability analysis.