Chair in Cyber Risk Governance

Created in October 2020, the Chair in Cyber Risk Governance at Rennes School of Business addresses the diverse implications of cyber risk.

The diversification of cyber threats

Our increasingly digital and interconnected societies inevitably result in a heightened risk of major cyber crises, be it from massive attacks or from systemic contamination. The varying forms and severity of cyber threats continue to grow, with computer attacks generally based around four main objectives: espionage, illegal trafficking (cybercrime), sabotage, and destabilisation (manipulation of information).

The centrality of cyber risk

Cyber risk is recognised amongst the biggest systemic risks by major international institutions, alongside those of financial instability, climate change and pandemic threat. Destabilising our traditional benchmarks, cyber risk blurs the distinction between civil and military, war and peace, and makes it more difficult, if not impossible, to distinguish between international politics and domestic politics. Power becomes relativised, disseminated and largely privatised as these conflicts involve fewer diplomats and more companies.

Due to its inherent links to all other business sectors, finance is a prime target for hackers. Cyber risk carries two main threats: substantial financial loss and a loss of confidence in the financial system. This trend is set to continue, given the democratisation of hacking tools and methods, which are no longer the exclusive prerogative of state bodies.

The Chairholder, Julien Nocetti, is an associate professor at Rennes School of Business, an associate fellow at the French Institute of International Relations (IFRI) and an associate professor at Saint-Cyr Coëtquidan military academy. He holds a PhD in political science, was responsible for IFRI’s activities related to cyber issues from 2010 to 2019 and regularly speaks at international conferences and in the media.

Mission

  • Position Rennes School of Business as a recognised player in cyber risk issues
  • Create specific expertise dedicated to the financial sector
  • Integrate all the implications of cyber risk: regulatory, economic, technological and managerial
  • Produce expertise and human resources
  • Anticipate crisis management through forward vision

Research topics

1. Cyber risk in the financial and insurance sectors

Cybersecurity is now a fundamental issue of financial stability. The increased sophistication of IT attacks and the increased vulnerability in our systems give rise to the potential of high risks, such as the unavailability of essential services and infrastructure, the breach of market data, or a breach of confidentiality among financial players. Attacks now target institutions’ IT structures – no longer limited to targeting customer equipment – in order to steal and/or destroy them, while the processes themselves become ever more complex within the framework of deeply interconnected information systems. Technological innovations (FinTech) and the arrival of new intermediaries (GAFAM and BATHX) are creating additional weaknesses in connection with financial institutions.
These issues also call into question the insurability of cyber risk. On an international level, the increase in cyber risk raises the question of whether the financial sector should be incorporated in the strengthening of normative principles.

2. Cyber risk and geoeconomics with regard to digital issues

In the digital field, the Covid-19 pandemic reinforced a pre-existing trend: the shifting of power from political and military fields to the field of economics. Inextricably linked to the “weaponisation” of US-China relations, geoeconomic issues become particularly apparent through the destabilisation of global tech supply chains (5G equipment, chips, etc.).
The debate around the possibility of a technological “decoupling” between the United States and China is generating new global risks, such as new opportunities for Europe to structure a system of digital sovereignty, rendering it immune to predatory strategies.

3. Cyber geopolitics and its impact on corporate cybersecurity

Russian cyber interference in the US presidential election in 2016 and the massive hacks that have targeted major international groups since 2017 reflect the volatility of global politics that has arisen through the dissemination of digital resources. Companies must adapt to these diverse threats, which aim to target vital infrastructures, and lay the groundwork for strategic data protection. Certain countries make no secret of their ambitions to control digital infrastructure (such as the cloud, data centres, submarine cables and 5G networks) – with profound economic and security implications.
This topic will include the analysis of challenges that arise from the multiplication of cyber-attacks and the mapping of players involved in this ever-shifting conflict.

Output

The implementation of the Chair in Cyber Risk Governance included:

1. Designing teaching programmes that are integrated into the Grande Ecole curriculum,

The Chair in Cyber Risk Governance is integrated into the Rennes SB curriculum, including as part of a Specialised Master’s programme (MS), a Master of Science (MSc) and our Executive Education programmes. These programmes will involve professors from Rennes School of Business who are associated with the chair, institutional and private support of the chair and other teachers and practitioners with expertise on specific matters.

2.  Seeking an active presence in expert and public debates

The holder of the chair uses his position in expert, decisional and media networks, in France and in Europe, to contribute to the debate on subjects supported by the Chair. As such, special effort is made to organise events (open conferences, breakfast debates, company seminars, etc.).

3. Seeking partnerships with academic institutions, in France and abroad,

aiming to anchor the chair within its objects of study and training.

The added value of Rennes SB

In line with the School’s main missions, the Chair in Cyber Risk Governance aims to produce high-level training and expertise, whilst encouraging debate between experts and decision-makers in the economic and political worlds.

The Chair in Cyber Risk Governance is marked by Rennes School of Business’ general expertise, particularly through the identification of central issues, both present and future, by repositioning cyber topics among global issues and by establishing bridges between disciplines. The Chair also benefits from the specific expertise of the School’s other departments (Finance, Strategy, Data Analytics, etc.).