European Central Bank Utilizes UMD-Faculty-Founded Cyber Events Database

UMD Staff - April 28, 2023

Dr. Charles Harry co-developed this database to inform public and private sector decision-makers about cyber threats.

Photo of the European Central Bank

A new report on systemic cyber risk from the European Central Bank (ECB) features data from the Center for International and Security Studies at Maryland (CISSM) and Center for Governance of Technology and Systems (GoTech) Cyber Events Database. Entitled “Towards a framework for assessing systemic cyber risk,” the analysis was included as part of the ECB’s Financial Stability Review for November 2022.

The report acknowledges the instability of the cybersecurity environment, noting that reported cyberattacks increased threefold between 2015 and 2021, and that cleverly targeted cyberattacks can cause “system-wide stresses.” The Euro-area accounts for around 13 percent of cyberattacks, according to the report. It goes on to examine potential cyber threats to the financial system, including disruptions of key financial services and digital transactions.

ECB’s report makes substantial use of the Cyber Events Database, which was created as an open resource for the public and private sectors. The database identifies cyber threats to help inform public and private sector decision-makers on how to allocate finite security resources. Using a combination of Python data-scraping and human review, CISSM and GoTech researchers compile information on cyber events, including the identities of threat actors, impacted industries and the downstream consequences of attacks among other variables.

The taxonomic system used to sort cyber events in the database, which has been featured in the pages of the Journal of Information Warfare, was originally developed at CISSM by GoTech Director Charles Harry, who has a joint appointment with the UMD College of Information Studies (INFO) and UMD School of Public Policy (SPP), and CISSM Director Nancy Gallagher.

“The historical lack of reliable information on the scale and scope of cyber events across industries has made the assessment of trends nearly impossible for policy analysts concerned about the impact of attacks on financial infrastructures,” said Harry. “The inclusion of the cyber events dataset in the ECB’s Financial Stability Review speaks to the importance of CISSM and GoTech’s foundational research in understanding the scope, scale, and severity of cyber attacks across the globe.”

The database covers cyber events as far back as 2014. Cyber “events” are defined as “the end result of any single unauthorized effort, or the culmination of many such technical actions, that engineers, through use of computer technology and networks, a desired primary effect on a target.” It runs up to the present-day and is updated monthly.

The ECB report maps some interesting trends using data pulled from the Cyber Events Database. For example, cyberattacks increase in frequency during times of political and policy uncertainty. This is especially the case for state-sponsored attacks.


Image Courtesy of European Central Bank

Additionally, the majority of attacks leveled against the finance and insurance sectors are exploitive attacks, launched by criminals to illicitly acquire information. Other sectors, like manufacturing and public administration, are more frequently targeted with disruptive attacks i.e., ransomware, denial of service etc.


Image Courtesy of European Central Bank

The ECB also concludes that the cybersecurity “arms race,” won’t be ending any time soon, acknowledging that, while increased spending on IT security can reduce risk, “so too can it be expected that the technology deployed by cyberattackers will respond.”

“Ultimately, trade-offs are likely to be faced between the costs imposed by cyberattacks and ever-increasing spending on security measures,” according to the report.

In addition to the ECB, the Deutsche Bundesbank, Banco de España, the Central Bank of Japan, and National Institute of Standards and Technology (NIST) are all currently leveraging the Cyber Events Database for their own analysis.

Both the CISSM/ GoTech Cyber Events Database and the ECB report are open source and free to view online.

This is an update of the article originally published by the University of Maryland School of Public Policy, December 2022.