Abstract

Using T2 Big Data to evaluate cyber vulnerabilities: an empirical case study
The aim of this paper is to leverage the T2 big-data infrastructure to extract meaningful information and identify clustering patterns in banking activity that may reveal potential cyber vulnerabilities. The research proposal is structured into three main sections:
I) Data accessibility
The first section focuses on the data process for acquiring and structuring information. It requires a detailed understanding of the payment infrastructure — both technical and institutional — to identify relevant data sources and ensure their correct interpretation. Particular attention is given to the architecture of T2, including message types, settlement layers, and participant roles, to map raw transactional data into an analytically usable format. Data extraction and migration are carried out in strict compliance with confidentiality requirements and central bank operational standards. A coherent and scalable data model is developed, enabling efficient interaction with the dataset and ensuring adaptability across a wide range of analytical, supervisory, and policy-oriented applications.
II) Data production
The second section builds on the previous one, enriching the analysis through the systematic use of metadata, naming conventions, and classification codes. These elements enable the transformation of raw payment messages into structured information, capturing dimensions such as transaction type, counterparty characteristics, geographical origin, and settlement behaviour. Logical rules and filtering conditions are defined to standardise data transformations and ensure consistency over time and across institutions. At the same time, the data framework preserves sufficient flexibility to allow alternative aggregations and perspectives, depending on the analytical objective. This stage is crucial for bridging the gap between raw infrastructure data and economically meaningful variables, enabling the construction of indicators that reflect underlying banking activity and network structures.
III) Leveraging data to unveil patterns
In the final stage, key statistics and indicators are computed to generate insights into banking behaviour, network topology, and systemic characteristics. Analysing T2 data, with a particular focus on the Central Bank of Malta and the domestic banking system, enables the identification of patterns in liquidity flows, concentration, and interconnectivity. These patterns are interpreted in light of potential cyber vulnerabilities, particularly within the “liquidity sinkhole” hypothesis, in which disruptions to key participants may propagate through the system via payment dependencies. The richness of the payment infrastructure also enables the design of counterfactual scenarios and stress-testing exercises. Additionally, clustering techniques are applied to uncover latent structures in the data, identifying groups of institutions with similar behavioural patterns and highlighting heterogeneity in business models, systemic relevance, and vulnerability profiles. Together, these approaches provide a comprehensive, data-driven framework for understanding the interaction between payment activity and cyber risk in a modern financial system.