KELLY B. CASTRIOTTA | Global Cyber Underwriting Executive, at Markel Corporation

Insurers developed property and casualty insurance policies prior to widespread computerization and the prolific use and transmission of electronic data. Many such insurance contracts did not expressly address cyber exposures at the time of their initial creation. In 2015, the Prudential Regulatory Authority (PRA) formally introduced a theoretical problem of “silent cyber” to the insurance industry, contemplating catastrophic cyber scenarios with not only a potentially powerful impact on dedicated Cyber insurance portfolios, but also on traditional insurance portfolios. The issue soon became a reality in the wake of the expansive losses associated with the NotPetya attacks of 2017.

In response to the requests made by the PRA to insurers to manage “silent cyber”, Lloyd’s of London introduced a mandate to eliminate “silent cyber” on all Lloyds policies, first charting a course for the transformation of insurers’ contractual wording to more appropriately address cyber risk. This article discusses the general concerns around “silent cyber” as presented by the PRA, the challenges of defining cyber risk across the insurance industry, and steps taken to rectify the silent cyber issue. The article then explores the idea that the silent cyber problem is at its core a semantic one rather than one of risk perception. The article concludes by offering solutions as to a semantic framework under which to analyze and address “silent cyber”.

STEPHEN CASTELL | Founder and CEO, Castell Consulting

The market price of a cryptocurrency – which, as a medium of financial exchange, generally has scarcity built into it, but little, if any, demonstrable economic utility – is driven and influenced principally by what its buyers and sellers believe its market price should, or will, be, i.e., by speculation. 

This article introduces the QE2-Coin, a U.K. central bank digital currency (CBDC), originally proposed in 2017, that is, first, inherently designed not to be driven by speculative pressures, i.e., is a stablecoin, and, secondly, is specifically engineered to have utility as a SNUT, a “specialized national utility token” – deliberately architected to be exchangeable for products, services, goods, and assets in the real world, in particular, in the affordable homes housebuilding sector. 

Throughout the post-WW2 decades, despite many political manifesto pledges for reform and repeated central government attempts at encouragement of the home construction industry, there has in reality been a constant and growing new affordable U.K. homes blight, characterized by woefully under-target new housebuilding and poorly executed government stimuli. Without new ideas, innovation, and a powerful vision, it seems unlikely that any U.K. government policy will evolve to rectify this situation and be able to narrow the growing gap between U.K. housing supply and housing need. 

The really socially useful and valuable stablecoin, the QE2-Coin, to be spent in the U.K. housebuilding sector economy, and not converted into any inert non-economically productive asset or instrument, will positively address these homes availability issues, fueling economic activity in the U.K. housebuilding sector specifically focused on providing affordable homes. Uniquely, the QE2-Coin is a “limited life utility token”, meaning that it will have a smart contract baked into it, with functionality coded to “dematerialize” any QE2-Coin token instance, taking it out of existence if it does not get spent and used socially usefully within a defined time period. A QE2-Coin maquette has been created as the basic Ethereum crypto-token QE2. The U.K. Prime Minister’s response to the SNUT proposal is awaited.

However, it is undeniable that there is a severe affordable starter and rental homes shortfall in the U.K. and, whether or not the U.K. government decides to engage with SNUT, there is no reason why the QE2-Coin initiative should not proceed. Visionaries and entrepreneurs in fintech, the crypto community, the investment world, and the property sector are welcomed to join in developing the QE2 SNUT plan for fixing this starter and rental homes shortage.

RENEE CHO | Staff Writer, Columbia Climate School, Columbia University

Bitcoin, with a market cap of U.S.$727 billion, is the largest cryptocurrency in the world. It can be used to buy cars, furnishings, vacations, and much more. In 2011, one bitcoin was worth U.S.$1; at the time of writing this article each bitcoin is worth approximately U.S.$38,000. Because some bitcoin investors have become millionaires overnight, more and more people are intrigued by the possibility of striking it rich through investing in cryptocurrencies like bitcoin. But bitcoin’s rising popularity may make it impossible for the world to stave off the worst impacts of climate change, because the energy consumption of this cryptocurrency is enormous and its environmental implications are far-reaching.

LILAS DEMMOU | Deputy Head of the Structural Policy Analysis Division at the OECD Economics Department, OECD
QUENTIN SAGOT | Junior Advisor, Centre for Tax Policy and Administration, OECD

Recent technological developments linked to secure messaging and traceability present an opportunity to address certain challenges in international and domestic payment systems. From an international perspective, foreign exchange markets remain costly and relatively less efficient than domestic payment systems. From a domestic perspective, the decline in the relative importance of cash in most economies reflects changes in consumers’ preferences, which questions the future of money and payment infrastructure. 

Against that background, private initiatives falling outside of current regulation, such as stablecoins and other virtual assets, are associated with several risks and opportunities and have fueled the debate on the merit for central banks to issue new form of digital public currency. This article reviews these different propositions and examines their implications for the international and domestic payment systems.

JAY CULLEN | Professor of Financial Regulation and Head of Law, Criminology and Policing, Edge Hill University;
Research Professor in Law, University of Oslo

This article examines retail central bank digital currencies (CBDCs), a proposed financial technology that central banks around the world are considering implementing. Proponents of such payment instruments argue that they will produce considerable benefits for adopting countries, principally in the fields of competition in payments markets, financial inclusion, and macroeconomic stability. 

This article critically evaluates these purported benefits and finds that many of the claims made in their support do not stand up to scrutiny and could, in fact, be realized without the introduction of a central bank retail payment instrument. More significantly, the benefits cited by proponents of such instruments may produce considerable negative externalities in other domains, particularly in relation to financial stability.

CAROLINE HILLAIRET | Professor and Director of the Actuarial Science engineering track and Advanced Master, ENSAE and CREST
OLIVIER LOPEZ | Professor of Applied Mathematics (Statistics), Laboratoire de Probabilités, Statistique et Modélisation, Sorbonne Université


This paper proposes a stochastic model to simulate massive cyberattack scenarios, taking into account the structure of the network as well as partial or full protection measures. Events, such as the recent COVID-19 pandemic, can rapidly generate consequent damages, and mutualization of the losses may not hold anymore. The framework is based on the multigroup SIR (susceptible, infected, and recovered) epidemiological model, which can be calibrated from a relatively small amount of data and through fast numerical procedures. As an illustration, we replicate the impact of a Wannacrytype event using a connectivity network inferred from macroeconomic data of the OECD. We show how this model can be used to generate reasonable scenarios of cyber events, and investigate the response to different types of attacks or behavior of the actors, allowing for the quantification of the benefits of an efficient prevention policy.

JAN MARTIN LEMNITZER | Department of Digitalization, Copenhagen Business School

For two decades, the cyber insurance sector had been a niche sector of the insurance industry: tiny but boasting strong growth rates and enormous profit ratios. Yet, between 2019 and 2022, the cyber insurance industry has been devastated by the impact of the explosion in ransomware, causing huge payouts and escalating losses. Some insurers are now fleeing from the sector entirely.

This article will shine some light on how the cyber insurance industry works and how it has responded to the ransomware impact. After discussing why insurers struggle with accurately pricing the cyber risks posed by the companies in their portfolios, it will explore the evidence in support of the claim that having cyber insurance improves a company’s IT security. 

The final section offers a radical proposal to make cyber insurance compulsory for small- and medium-sized companies (SMEs) to tackle their known and longstanding issues with IT security. If combined with an externally established minimum IT security standard developed for SMEs and light regulation on insurance policies, this measure could transform IT security in thousands of companies and vastly improve their resilience against ransomware and other cyberattacks.

SARAH STEPHENS | Managing Director, International Head of Cyber & FINPRO UK Cyber Practice Leader, Marsh

Cyberattacks continue to dominate news headlines, driven by an overwhelming increase in ransomware events alone. As cyberattacks become more prolific, related insurance claims follow, meaning Marsh have been able to identify a correlation between certain security controls and corresponding cyber incidents. Organizations are recommended to implement a number of cyber hygiene controls that are key to achieving cyber resilience and insurability. In this article, Marsh presents 12 recommended cybersecurity controls including their characteristics and requirements.

UDO MILKAU | Digital Counselor

Decentralized finance applications have been surging with incredible speed for about two years. Some DeFi enthusiasts aim to recreate financial services on the foundations of distributed ledger technology and smart contracts, i.e., computer scripts executed on a distributed runtime platform. This perspective has a clear focus on technology. 

To shift the debate, this paper examines DeFi from the perspective of users and their contractual relationship with DeFi. Given that DeFi removes traditional intermediaries, one needs to ask which entity becomes the counterparty? One fundamental element of contract law is the “meeting of the minds”; hence we need to determine who are the interacting minds in a DeFi agreement? 

A second fundamental question is about the beneficiary, or in other words: cui bono? Finally, it is important to determine whether DeFi in fact provides “financial services” or whether it is simply a gaming table, upon which different tokens move positions? The question of the applicable law has to be answered by regulators, nevertheless, the analysis in this paper reveals that DeFi exhibits a structure with “central” entities and a trend towards “gamification”.

PHOEBUS L. ATHANASSIOU | Senior Lead Legal Counsel, European Central Bank

Although substantial in terms of market capitalization, the economic potential of digital assets remains locked, inter alia, on account of their still limited use as loan collateral. The wider use of digital assets as security for credit would both help their holders to capitalize on their digital asset holdings and contribute towards easing liquidity conditions in the market by allowing market actors at both ends of a lending agreement to tap into a substantial, but largely unutilized, repository of collateral. 

This article explores some of the legal parameters relevant to the use of digital assets as collateral, with an emphasis on how a security interest in digital assets can be created, the modalities for the realization of digital assets accepted as loan collateral, and the ways in which collateral takers (but also collateral givers) can be protected from fluctuations in the value of some of the more volatile types of digital assets tendered as loan collateral.

LOKKE MOEREL | Professor of Global ICT Law, Tilburg University

The European Union (E.U.) feels the threat of what is coined digital colonialism of the U.S. and China,1 where the E.U. member states are increasingly dependent on digital infrastructures that are in the hands of a handful of dominant foreign market players. The digital identity of most European citizens depends on foreign email addresses, and a staggering 92 percent of European data reside in the clouds of U.S. technology companies, of which 80 percent are with five suppliers only. Besides supply chain dependencies, these companies operate proprietary ecosystems, which offer limited interoperability and portability of data and applications, resulting in E.U. data being locked-in and having limited value for E.U. innovation.

Restoring Europe’s “digital sovereignty” is now a core ambition of the European Commission (E.C.); however, achieving it at a time when digital technologies have become the battleground for the race for global leadership between the U.S. and China (aka the tech cold war) will not be easy. Both the U.S. and China regularly draw the national security card to justify stricter export controls of critical technology and bringing manufacturing back to their countries. Recent U.S. executive orders ensure that almost any ICT-related activity in the U.S. connected to China is now subject to regulatory review by the U.S. government. Not surprisingly, China is retaliating.

With the E.U. policy measures, the E.C. is aiming to pave a third way, in order to avoid falling into the trap of tech
protectionism. Flagship initiatives discussed are the so-called European Data Spaces (bringing together E.U. data of specific industry sectors in order to unlock their value for E.U. innovation) and the GAIA-X project (achieving interoperability between cloud offerings to achieve the required scalability for AI-related innovations, without setting up European hyperscalers). All initiatives will also have a fundamental impact on the business models of the financial sector. This article discusses the threats to E.U. digital sovereignty in order to help the reader better understand the E.U. policy proposals and their disruptive impacts, which – as with any regulation – brings new requirements, but also opportunities for innovation.

FLORIAN NEMLING | Senior Consultant (Austria), Capco
ALAN BENSON | Managing Principal (Germany), Capco

Banking, as any business, is complex, and there are many choices and decisions to be made – all the time. Underlying many businesses today is expensive technology that adds to the endless decision complexity. When mapping their IT strategy, companies need to evaluate opportunities and challenges presented by cloud technology, and many businesses find themselves with a mixed private and public cloud setup. This article explores important issues with multi-cloud scenarios, with a focus on the monitoring of multi-cloud solutions.

PETER KENNEDY | Partner (U.K.), Capco
ANIELLO BOVE | Partner (Switzerland), Capco
VIKAS JAIN | Managing Principal (U.S.), Capco
CHESTER MATLOSZ | Managing Principal (U.S.), Capco
AJAYKUMAR UPADHYAY | Managing Principal (U.S.), Capco
FRANK WITTE | Managing Principal (Germany), Capco


The financial services sector is undergoing unprecedented disruption, thanks to a combination of the digital revolution and COVID-19’s social and business upheavals. The collision of these two forces in 2020 and 2021 quickly altered the competitive landscape. Financial services institutions had to become smarter and more nimble, working in new ways with unfamiliar technologies at an unparalleled pace to meet escalating digital demands of clients. Firms also had to deal with increased competition, as fintechs, as well as technology giants, looked to take advantage of uncertain macro and micro economic environments. 

The phrase “inflection point” is often misapplied to characterize various competitive shifts, but we believe it accurately describes what leaders in financial services face today. In this paper, we lay out the industry’s current state as seen through the eyes of practitioners, how cloud technologies are being used as an accelerant to drive growth and return on investment (ROI), and what lies ahead for our clients over the next few years.

JACK CLARK FRANCIS | Professor of Economics and Finance, Bernard Baruch College
JOEL RENTZLER | Professor of Economics and Finance, Bernard Baruch College

In 2021 Gary Gensler, Chairman of the Securities and Exchange Commission, called cryptocurrency markets the “Wild West” and said they are rife with “fraud, scams, and abuse” [Talley and Volz (2021), Kiernan (2021), CBS News (2021)]. One of the main reasons they cause so many problems is that the U.S. has no laws governing cryptocurrencies. Since cryptocurrencies do not conform to the legal definition of securities, the existing U.S. securities laws do not apply to them. As a result, a complicated multi-billion dollar lawless industry has sprung up in the U.S. in recent decades.