Rising Cyber Threats Pose Serious Concerns for Financial Stability – International Monetary Fund

Tee Rasheed
6 Min Read

Credit: Altayb/iStock by Getty Images
Cyberattacks have more than doubled since the pandemic. While companies have historically suffered relatively modest direct losses from cyberattacks, some have experienced a much heavier toll. US credit reporting agency Equifax, for example, paid more than $1 billion in penalties after a major data breach in 2017 that affected about 150 million consumers.
As we show in a chapter of the April 2024 Global Financial Stability Report, the risk of extreme losses from cyber incidents is increasing. Such losses could potentially cause funding problems for companies and even jeopardize their solvency. The size of these extreme losses has more than quadrupled since 2017 to $2.5 billion. And indirect losses like reputational damage or security upgrades are substantially higher.
The financial sector is uniquely exposed to cyber risk. Financial firms—given the large amounts of sensitive data and transactions they handle—are often targeted by criminals seeking to steal money or disrupt economic activity. Attacks on financial firms account for nearly one-fifth of the total, of which banks are the most exposed.

Incidents in the financial sector could threaten financial and economic stability if they erode confidence in the financial system, disrupt critical services, or cause spillovers to other institutions.
For example, a severe incident at a financial institution could undermine trust and, in extreme cases, lead to market selloffs or runs on banks. Although no significant “cyber runs” have occurred thus far, our analysis suggests modest and somewhat persistent deposit outflows have occurred at smaller US banks after a cyberattack.
Cyber incidents that disrupt critical services like payment networks could also severely affect economic activity. For example, a December attack at the Central Bank of Lesotho disrupted the national payment system, preventing transactions by domestic banks.
Another consideration is that financial firms increasingly rely on third-party IT service providers, and may do so even more with the emerging role of artificial intelligence. Such external providers can improve operational resilience, but also expose the financial industry to systemwide shocks. For example, a 2023 ransomware attack on a cloud IT service provider caused simultaneous outages at 60 US credit unions.
With the global financial system facing significant and growing cyber risks from increasing digitalization and geopolitical tensions, as shown in the chapter, policies and governance frameworks at firms must keep pace.
Because private incentives may be insufficient to address cyber risks—for example, firms may not fully account for the systemwide effects of incidents—public intervention may be necessary.
However, according to an IMF survey of central banks and supervisory authorities, cybersecurity policy frameworks, especially in emerging market and developing economies, often remain insufficient. For example, only about half of countries surveyed had a national, financial sector-focused cybersecurity strategy or dedicated cybersecurity regulations.
To strengthen resilience in the financial sector, authorities should develop an adequate national cybersecurity strategy accompanied by effective regulation and supervisory capacity that should encompass:
As attacks often emanate from outside a financial firm’s home country and proceeds can be routed across borders, international cooperation is imperative to address cyber risk successfully.
While cyber incidents will occur, the financial sector needs the capacity to deliver critical business services during these disruptions. To this end, financial firms should develop, and test, response and recovery procedures and national authorities should have effective response protocols and crisis management frameworks in place.
The IMF actively helps member countries strengthen their cybersecurity frameworks through policy advice, for example as part of the Financial Sector Assessment Program, and through capacity-building activities.
—This blog is based on Chapter 3 of the April 2024 Global Financial Stability Report, “Cyber Risk: A Growing Concern for Macrofinancial Stability.”

The decline of inflation could be stalling in some economies
Rapid growth of this opaque and highly interconnected segment of the financial system could heighten financial vulnerabilities given its limited oversight
Supervisors in many countries face conditions that limit their effectiveness. Raising the bar requires independence with clear mandates, enhanced powers, greater resources, and more effective approaches.
IMFBlog is a forum for the views of the International Monetary Fund (IMF) staff and officials on pressing economic and policy issues of the day. The IMF, based in Washington D.C., is an organization of 190 countries, working to foster global monetary cooperation and financial stability around the world. The views expressed are those of the author(s) and do not necessarily represent the views of the IMF and its Executive Board. Read More
© Copyright International Monetary Fund

source

TAGGED:
Share This Article
Leave a comment

Leave a Reply

Your email address will not be published. Required fields are marked *