Financial firms have reported significant direct losses, totaling almost $12 billion since 2004 and $2.5 billion since 2020, the International Monetary Fund (IMF) has disclosed.
In its April 2024 Global Financial Stability Report released recently, IMF stated that attacks on financial firms account for nearly one-fifth of the total, of which banks are the most exposed.
The IMF offered JPMorgan Chase as an example, stating that the biggest US bank recently reported 45 billion cyber events each day, with $15 billion spent annually on technology and 62,000 employees, many of whom were devoted to cybersecurity. It went on to say that cyber events constitute a major operational risk that might jeopardise the operational stability of financial institutions and negatively impact macrofinancial stability as a whole.
“Financial institutions in advanced economies, particularly in the United States, have been more exposed to cyber incidents than firms in emerging markets and developing economies. Given the large amounts of sensitive data and transactions they handle, are often targeted by criminals seeking to steal money or disrupt economic activity.
“Attacks on financial firms account for nearly one-fifth of the total, of which banks are the most exposed. Incidents in the financial sector could threaten financial and economic stability if they erode confidence in the financial system, disrupt critical services, or cause spillovers to other institutions.
“Cyber incidents that disrupt critical services like payment networks could also severely affect economic activity. For example, a December attack at the Central Bank of Lesotho disrupted the national payment system, preventing transactions by domestic banks,” IMF stated.
The IMF observed that a variety of reasons are involved in the increase in cyber incidents, which include the COVID-19 pandemic, which accelerated the fast expanding digital connectivity as well as the growing reliance on technology and financial innovation. Also, given the spike in cyberattacks following Russia’s invasion of Ukraine in February 2022, geopolitical tensions might also be a cause.
“A cyber incident at a financial institution or a country’s critical infrastructure could generate macro-financial stability risks through three key channels: loss of confidence, lack of substitutes for the services rendered, and interconnectedness. While cyber incidents thus far have not been systemic, ongoing rapid digital transformation and technological innovation such as artificial intelligence and heightened global geopolitical tensions exacerbate the risk.
“Recent significant cyber incidents—such as the ransomware attack on the US arm of China’s largest bank, the Industrial and Commercial Bank of China, on November 8, 2023, which temporarily disrupted trades in the US Treasury market—further underscore that cyber incidents at major financial institutions could threaten financial stability,” it said.
To strengthen resilience in the financial sector, the IMF, suggested that central banks and authorities must create a sufficient national cybersecurity strategy and implement efficient regulation and supervisory measures, which should include: regular evaluation of the state of cybersecurity and detection of possible systemic vulnerabilities resulting from concentrations and interconnections, including those arising from third-party service providers; improved cyber-related governance to lower cyber risk and supports the idea of promoting cyber “maturity” among financial sector companies, including board-level access to cybersecurity knowledge, among others.