MIT’s Internet Policy Research Initiative holds regular meetings around the measurement and modeling of cyber risk. These include expert roundtables, working meetings, and large-scale events as part of our research mandate.

Annual conference on measuring cyber risk
The Federal Reserve Board of Governors, the Federal Reserve Bank of Richmond, and the Massachusetts Institute of Technology Internet Policy Research Initiative convene experts from industry, government, and academia for an annual conference on efforts to measure and track cyber risk across the financial system.



The January 2024 meeting built on the inaugural meeting and review progress made. Distinguished keynote speakers and panelists reviewed advances made in developing a comprehensive set of cyber metrics and discussed the challenges that remain in today’s rapidly evolving threat landscape.

Topics included risk metrics and predictive statistics, threat analysis and scenario development, the relationship of these methods to operational resilience and financial stability, and challenges for the future.


A common theme in the inaugural 2022 conference was that financial markets, financial services firms, researchers, and policymakers cannot manage risks that they cannot measure, and cyber risk remains difficult to quantify, despite the money spent to secure information networks.

Data on cyberattacks, security failures, and losses are needed to effectively quantify and mitigate cyber risk.