During a financial crisis, even profitable firms face existential threats. The risk isn't from direct exposure to bad assets, but from a systemic "daisy chain" of distrust where counterparties refuse to pay their obligations, leading to a complete liquidity freeze that can bankrupt anyone.

Unlike natural catastrophes, the ultimate financial impact of a systemic cyber event is poorly understood. This "unknown worst-case scenario" forces insurers to mitigate their own risk by capping exposure and offering smaller coverage limits for cyber incidents.

The SVB crisis wasn't a traditional bank run caused by bad loans. It was the first instance where the speed of the internet and digital fund transfers outpaced regulatory reaction, turning a manageable asset-liability mismatch into a systemic crisis. This highlights a new type of technological 'tail risk' for modern banking.

Silicon Valley Bank was already a member of deposit networks that could have prevented its collapse. However, 94% of its deposits remained uninsured because the bank failed to actually use the tools at its disposal. This reveals that the mere existence of a solution is worthless without proper implementation, integration, and incentives for adoption within an organization.

Many small businesses assume they are too insignificant to be targeted by cybercriminals. This "normalcy bias" creates a dangerous false sense of security. In reality, smaller companies are attractive targets precisely because they often lack robust controls and are constantly being impersonated online.

While fears of a powerful AI hacking financial systems are valid, the more immediate and destructive risk is public perception. Widespread fear of a potential hack could trigger a bank run, destabilizing the financial system before any actual breach even occurs.

Arguing that senior executives are a major security vulnerability, Jamie Dimon deliberately limits his own system permissions. He rejects access to critical infrastructure like payment systems, ensuring that even if his credentials were stolen, the potential for catastrophic damage is contained.

While large firms use AI for defense, the same tools lower the cost and barrier to entry for attackers. This creates an explosion in the volume of cyber threats, making small and mid-sized businesses, which can't afford elite AI security, the most vulnerable targets.

The rise of AI dramatically increases the 'quantity and quality' of cyberattacks, allowing bad actors to automate attacks at scale. This elevates security from a compliance issue to an existential risk for startups, who often lack dedicated teams to combat these advanced, persistent threats. A severe hack is now a company-killing event.