Cyber risk has been increasing due to fast development of information technology, increased using of smart gadgets, advanced way of communication, changing habits of users, and inventiveness of cyber criminals. Nowadays, cyber criminals are highly motivated professionals who are frequently financed by wealthy criminal organizations, or even states, and have clear goals and strategies.
False working of critical systems might have important consequences for the whole society, therefore the pace of the new strategies, plans, and different activities to fight cyber threats is being stepped up in the last years around the world. Because of the bank sector role, banks have to be able to precisely identify all risks they face and measure, manage, and control them. They must have enough capital to cover unexpected loss. Cyber risk as a part of information technology risk is placed in the system of operational risk. Early uncovering of potential threats is essential for security of business and efficient managing of risks.
The abundance of new methodologies, standards, antivirus programmes and approaches that have been prescribed and proposed by different public and private organizations has brought with it a need for a systematic approach to assessing the cyber risk. The decision support system for cyber risk supervision in banks, which is presented in the master's thesis, is based on generally accepted and currently valid industrial standards pertaining to information security and provides for a general basis for understanding, assessment and management of cyber risks. The presented decisions support system for the supervision of cyber risk in banks evaluates the bank's risk based on the assessment of the inherent risk and the functioning of control mechanisms. It goes on to identify critical areas and suggests measures to mitigate the risk, which in turn enables more efficient decision-making as to the measures for the supervision of cyber risk in banks.