The State-of-the-Field Conference on Cyber Risk to Financial Stability

The Sixth State-of-the-Field Conference on Cyber Risk to Financial Stability will take place on 17 April 2025 at the Federal Reserve Bank of New York.

The State-of-the-Field Conference on Cyber Risk to Financial Stability is a collaboration between the Federal Reserve Bank of New York and Columbia University's School of International and Public Affairs. The 2025 conference brought together thought leaders across the fields of finance and cybersecurity, representing government, academia, and the private sector. Panels focused on ongoing research, publications, and lessons learned to guide a robust discussion on financial stability and cybersecurity. Discussions focused on “known unknowns” to explore risks arising from Artificial Intelligence (AI), third-party risks, and the broader technological infrastructure of the financial system.

Read a review of the key takeaways on the Teller Widow.

Watch the recording

The Fifth State-of-the-Field Conference on Cyber Risk to Financial Stability will take place on 12 April 2024 at the Federal Reserve Bank of New York.

The State-of-the-Field Conference on Cyber Risk to Financial Stability is a collaboration between the Federal Reserve Bank of New York and Columbia University's School of International and Public Affairs. The 2024 conference will explore  what it means to be secure by design, drawing on ongoing research and lessons learned to guide a discussion on financial stability and cybersecurity. The conference sessions will focus on three core topics: cyber risks to financial stability; important developments in cyber risk management and oversight of financial stability risk; and a forward-looking assessment of geopolitical, national security, and financial risks with an evaluation of structural changes.

Read a review of the key takeaways on the Teller Widow.

The Fourth State-of-the-Field Conference on Cyber Risk to Financial Stability will take place on 14 April 2023 at Columbia University's School of International and Public Affairs.

The State-of-the-Field Conference on Cyber Risk to Financial Stability is a collaboration between the Federal Reserve Bank of New York and Columbia University's School of International and Public Affairs. The 2023 conference will explore the impact of deglobalization on cyber risks and financial stability. The event will be held at Columbia University’s School of International and Public Affairs.

While every sector is facing some degree of deglobalization – due to the impacts of COVID, the ongoing US-China rift, and the cascading effects of Russia’s invasion of Ukraine – the intertwined sectors of finance and cyberspace will be deeply affected, now that the once-global Internet is partially splintering into separate networks and the pressure to decouple economic and financial systems is increasing.

Read a review of the key takeaways on Liberty Street Blog

Conference Program and Agenda

The Third Annual State-of-the-Field Conference on Cyber Risk to Financial Stability facilitates robust discussion by convening experts across the financial and cybersecurity fields and government, academic, and private sectors. Moderated by members of Columbia University SIPA's CRFS Project and partners at the Federal Reserve Bank of New York, panels will draw on ongoing research, publications, and lessons learned from previous workshops to guide the conversations.

The conference will begin with a keynote by Eric Goldstein, Executive Assistant Director for Cybersecurity for the Cybersecurity and Infrastructure Security Agency. This will be followed by a panel discussion on “Geopolitical Cyber Risks to Financial Stability” which will consider the changing landscape ten years after Iran’s ‘Operation Ababil’. Day one will conclude with a fireside chat with Phil Venables, the Chief Information Security Officer for Google Cloud. Day two will focus on industry perspectives, commencing with a keynote by Tammy Hornsby-Fink, the Chief Information Security Officer for the Federal Reserve System. Followed by panel discussion on “What Are We Learning?” and “What Are We Doing?” when managing and mitigating cyber threats to financial stability.

28 APRIL 2022

9:00 – 9:05am: Opening remarks by Patricia Mosser, Director, MPA Program in Economic Policy Management; Senior Research Scholar, Columbia University's School of International and Public Affairs

9:05 – 9:20am: Keynote by Eric Goldstein, Executive Assistant Director for Cybersecurity, Cybersecurity and Infrastructure Security Agency

• Introduced by Anna Kovner,  Director of Financial Stability Research, Federal Reserve Bank of New York

9:20 – 9:30am: Break

9:30 – 10:25am: Geopolitical Cyber Risks to Financial Stability panel to reflect ten years after Iran’s Operation Ababil, and the risks presented by current geopolitical events to financial stability. (Under Chatham House Rule)

• Moderator: Jason Healey, Senior Research Scholar, Columbia University's School of International and Public Affairs
• Bill Woodcock, Executive Director, Packet Clearing House
• John Hultquist, Vice President, Intelligence Analysis, Mandiant
• Benjamin Flatgard, Executive Director, Cybersecurity, JPMorgan Chase & Co.

10:30 – 11:30am: Fireside Chat with Phil Venables, Chief Information Security Officer and Vice President, Google Cloud with Jason Healey, Senior Research Scholar, Columbia University's School of International and Public Affairs

29 APRIL 2022

9:00 – 9:05am: Opening remarks by Jason Healey, Senior Research Scholar in the Faculty of International and Public Affairs; Adjunct Professor of International and Public Affairs

9:05 – 9:30am: Fireside Chat by Tammy Hornsby-Fink, Executive Vice President and Chief Information Security Officer, Federal Reserve System with Patricia Mosser, Director, MPA Program in Economic Policy Management; Senior Research Scholar, Columbia University's School of International and Public Affairs (Under Chatham House Rule)

9:30 – 10:40am: What are we learning? panel to present views by those who have recently written on the issue of financial stability and cyber risk. (Under Chatham House Rule)

• Moderator: Anna Kovner, Director of Financial Stability Research, Federal Reserve Bank of New York
• Jonathan Welburn, Operations Researcher, RAND; Professor, Pardee RAND Graduate School
• Marco Macchiavelli, Principal Economist, Federal Reserve Bank
• Rustam Jamilov, Post-Doctoral Fellow, University of Oxford

10:40 – 10:50am: Break

10:50 – 11:50am: What are we doing? panel to address public sector and private sector efforts to identify risk and build resiliency. (Under Chatham House Rule)

• Moderator: Stacey Schreft, Deputy Director for Research and Analysis, Office of Financial Research, U.S. Treasury
• Gianandrea Padovani, Cyber Strategy Lead at the Prudential Regulation Authority, Bank of England
• Todd Sullivan, Chief Risk Officer for Financial Services Sector, Analysis and Resilience Center for Systemic Risk
• Katheryn Rosen, Global Head, Tech & Cyber Regulatory Policy & Supervision and Head of Regional Information Security, JPMorgan Chase & Co.

11:50am: Closing Remarks by Anna Kovner, Director of Financial Stability Research, Federal Reserve Bank of New York

Conference Program and Agenda

The Second Annual State-of-the-Field Conference on Cyber Risk to Financial Stability will generate a robust discussion led by experts across the financial and cybersecurity fields and government, academic, and private sectors. Members of the CRFS Project and partners at the Federal Reserve Bank of NY will serve as moderators of each panel. They will draw on CRFS’s research, publications, and lessons learned from previous workshops to guide the conversation.

The conference will begin with a fireside chat with Arthur Lindo, Deputy Director for Supervision at the Federal Reserve Board of Governors, moderated by SIPA’s Dean Merit Janow. Then, it will turn to initiatives underway in the industry to manage cyber risks, including panels on “What We’re Learning?”, “What We’re Doing?”  and “What’s Next?” in managing and mitigating cyber threats to financial stability. 

Read an event summary on Liberty Street Blog

14 DECEMBER 2020

9:00am – 10:00am: Conversation with Arthur Lindo, Deputy Director, Regulation and Supervision, Federal Reserve Board and Merit Janow, Dean, School of International and Public Affairs, Columbia University *This session is under the Chatham House rule 

10:15am - 11:30am: What We're Learning? panel to present views by those who have recently written on the issue of financial stability and cyber risk.

• Moderator: Anna Kovner,  Policy Leader for Financial Stability, Federal Reserve Bank of New York
• Leonardo Gambacorta, Head, Innovation and the Digital Economy Monetary and Economic Department, Bank for International Settlements
• Michael Junho Lee, Economist, Money and Payments Studies Function Research and Statistics Group Federal Reserve Bank of New York
• Leroy Terrelonge III, AVP, Cyber Risk Analyst, Moody's Investors Service
• Jonathan Welburn, Operations Researcher, Professor RAND Graduate School

15 DECEMBER 2020

9:00am - 9:15am: Introduction by Jason Witty, Head of Cybersecurity & Technology Controls, CISO, JPMorgan Chase *This session is under the Chatham House rule

9:15am - 10:15am: What We're Doing? panel to address public sector and private sector efforts to identify risk and build resiliency.

• Moderator: Patricia Mosser, Director, MPA Program in Economic Policy Management; Senior Research Scholar, School of International and Public Affairs
• Arthur Nelson, Research Analyst Cyber Policy Initiative, Carnegie Endowment for International Peace
• Greg Rattray,  Senior Fellow, Adjunct Senior Research Scholar of International and Public Affairs
• Yeow Seng Tan, Executive Director, Technology Risk, and Payments Department and Chief Cyber Security Officer, Monetary Authority of Singapore

10:30am - 11:30am: What's Next? to discuss higher-level prescriptions (operational, technological, and policy) to address cyber risk to financial stability.

• Moderator: Jason Healey, Senior Research Scholar,  School of International and Public Affairs
• Jeremy Brotherton, National Incident Response Team, Federal Reserve Bank of NY
• Alexandra Friedman, Deputy Director, Office of Cybersecurity and Critical Infrastructure Protection, U.S. Department of the Treasury
• Barry Pavel, Senior Vice President and Director, Scowcroft Center for Strategy and Security, Atlantic Council

Referenced Research

• Leonardo Gambacorta: The drivers of cyber risk. and Operational and cyber risks in the financial sector.
• Michael Junho Lee: Cyber Risk and the U.S. Financial System: A Pre-Mortem Analysis
• Johnathan Welburn: Systemic Risk in the Broad Economy,  Systemic Cyber Risk and Aggregate Impacts, and more Research
• Arthur Nelson: International Strategy to Better Protect the Financial System Against Cyber Threats
• International Monetary Fund: Cyber Risk and Financial Stability: It’s a Small World After All and Cyber Risk Surveillance: A Case Study of Singapore
• Atlantic Council: Dynamic Stability: US Strategy for a World in Transition,  Beyond Data Breaches: Global Interconnections of Cyber Risk,  Shaping the Post-COVID World Together,  and Breaking Trust: Shades of  Crisis Across an Insecure Software Supply Chain

Conference Program and Agenda

The Inaugural State-of-the-Field Conference on Cyber Risk to Financial Stability facilitates robust discussion by convening experts across the financial and cybersecurity fields and government, academic, and private sectors. Moderated by members of Columbia University SIPA's CRFS Project and partners at the Federal Reserve Bank of New York, panels will draw on ongoing research, publications, and lessons learned from previous workshops to guide the conversations.

The conference will begin with welcoming remarks from Merit E. Janow, Dean, School of International and Public Affairs, Columbia University, followed by a keynote speech from Kevin J. Stiroh, Executive Vice President of the Financial Institution Supervision Group of the Federal Reserve Bank of New York. Then, it will turn to initiatives underway in the industry to manage cyber risks, including panels on “What We’re Learning?”, “What We’re Doing?”  and “What’s Next?” in managing and mitigating cyber threats to financial stability.

Kevin Stiroh's remarks

Read the event summary on  Columbia's website. 

12 APRIL 2019

12:30 – 12:45pm: Opening remarks by Merit E. Janow, Dean, School of International and Public Affairs, Columbia University, followed by a keynote speech from Kevin J. Stiroh, Executive Vice President of the Financial Institution Supervision Group of the Federal Reserve Bank of New York

by Kevin Stiroh, Vice President of the Financial Institution Supervision Group of the Federal Reserve Bank of New York

12:45 – 1:45pm: What are we learning? 

Summaries of recent papers on financial stability and cyber risk 
Moderated by Patricia Mosser, Columbia SIPA 

• Martin Boer – Director of Regulatory Affairs, The Institute of International Finance
• Anne Wetherilt – Senior Advisor, Bank of England
• Filippo Curti – Senior Financial Economist, Federal Reserve Bank of Richmond 
   

1:45 – 2:45pm: What are we doing? 

Addressing public sector and private sector efforts to identify risk  
Moderated by Jason Healey, Columbia SIPA 

• Steven Silberstein – Chief Executive Officer, Financial Services Information Sharing and Analysis Center (FS-ISAC)
• Nigel Jenkinson – Chief of Financial Regulation and Supervision Division, International Monetary Fund
• Dr. Greg Rattray – Director of Global Cyber Partnerships & Government Strategy, JP Morgan Chase & Co.
• Arthur Lindo – Deputy Director for Policy, Division of Supervision and Regulation, Federal Reserve Board
• Catherine Mulligan – Global Head of Cyber, Reinsurance Solutions, Aon 

2:45 – 3:00pm: Break

3:00 – 3:45pm: What are the looming risks?

Fireside chat moderated by Merit E. Janow, Dean of Columbia SIPA 
Daniel Tarullo – Visiting Professor of Law, Harvard University and former member of the Federal Reserve Board 
Jen Easterly – Managing Director and Global Head of the Firm’s Cybersecurity Fusion Center
 

3:45 – 4:45pm: What are the looming risks?

Addressing higher-level prescriptions (operational, technological, and policy) to address cyber risk to financial stabilityModerated by Katheryn Rosen, Columbia SIPA 

• Scott Friedman – Senior Policy Advisor, Cybersecurity and Infrastructure Security Agency
• Taylor Reynolds – Policy Director, Massachusetts Institute of Technology’s Internet Policy Research Initiative  
• Yasushi Shiina – Secretariat Member, Financial Stability Board
• Kimmo Soramäki – Founder and Chief Executive Officer, Financial Network Analytics

4:45pm: Wrap up and Conclusion