Many firms and sectors within the global economy depend on a common set of critical technology products and software services. While this convergence has undoubtedly enhanced efficiency, the widespread reliance on a limited set of specialized products and services has given rise to many single points of system vulnerability. Such concentration of risk amplifies the potential fallout from security breaches, especially since attackers have strong incentives to specifically attack such products and services. This project seeks to develop improved measures of financial sector cyber risk. The findings should have an immediate and direct impact on measuring and mitigating systemic (i.e., system-wide) cyber risk. It will also provide insights, providing guidance for data that should be gathered in the U.S. and beyond in future to evaluate and quantify systemic cyber risk. The findings could also help the comparatively new cyber insurance market measure and quantify correlated cyber risk. This project takes an important step in defining and empirically measuring systemic cyber risk. Systemic risk and cyber risk are first measured separately. Then, they are combined to examine key research questions about systemic cyber risk. Product-level systemic cyber risk occurs when there is concentration among technology suppliers and the products of those suppliers exhibit significant numbers of vulnerabilities, product exploits and/or publicly observed attacks. Firm-level systemic cyber ri