International Monetary Fund (IMF) has disclosed that financial institutions around the world suffered a loss of $12 billion due to cyberattacks in the last two decades.
IMF made this disclosure via its recently released Global Financial Stability Report.
The fund, in the report, claimed that out of the $12 billion, a whopping $2.5 billion was lost between 2020 and the first quarter of 2024.
IMF expressed its apprehension regarding the increasing occurrences of cyberattacks targeting financial institutions worldwide. These attacks, it noted, have the potential to undermine confidence in the economic system and disrupt economies.
According to the IMF, attacks on financial firms account for nearly one-fifth of the total, of which banks are the most exposed. Incidents in the financial sector could threaten financial and economic stability if they erode confidence in the financial system, disrupt critical services, or cause spillovers to other institutions.
Also, cyber incidents that disrupt critical services like payment networks could severely affect economic activity.
IMF stated that;
For example, a December attack at the Central Bank of Lesotho disrupted the national payment system, preventing transactions by domestic banks
In addition, financial institutions in advanced economies, particularly in the United States, have been more exposed to cyber incidents than firms in emerging markets and developing economies
Citing JPMorgan Chase As An Example
The IMF highlighted that the largest bank in the United States has disclosed a staggering number of 45 billion cyber events daily. To combat this growing threat, the bank invests a significant amount of $15 billion annually in technology and employs a workforce of 62,000 technologists, with a considerable focus on cybersecurity.
It also emphasized that these cyber incidents pose a significant operational risk, which has the potential to undermine the operational resilience of financial institutions and have adverse effects on the overall macro-financial stability.
READ MORE: Will US SEC Investigate OpenAI CEO Altman And Microsoft’s Nadella?
Why Cyber Attacks Are on The Rise
IMF mentioned numerous factors that are responsible for the increase in cyber incidents. Among these is the fast-paced expansion of digital connectivity, which has been further propelled by the COVID-19 crisis, as well as the rising reliance on technology and financial advancements.
It added that geopolitical tensions may also be a contributing factor, considering the surge of cyberattacks after Russia invaded Ukraine in February 2022.
According to the IMF, some of the factors could be as follows;
- A cyber incident at a financial institution or a country’s critical infrastructure could generate macro-financial stability risks through three key channels: loss of confidence, lack of substitutes for the services rendered, and interconnectedness.
- While cyber incidents thus far have not been systemic, ongoing rapid digital transformation and technological innovation such as artificial intelligence and heightened global geopolitical tensions exacerbate the risk.
- Recent significant cyber incidents—such as the ransomware attack on the US arm of China’s largest bank, the Industrial and Commercial Bank of China, on November 8, 2023, which temporarily disrupted trades in the US Treasury market—further underscore that cyber incidents at major financial institutions could threaten financial stability
Cybersecurity: What Central Bank Needs To Do
To enhance the resilience of the financial sector, the IMF has emphasized the importance of central banks and authorities developing a comprehensive national cybersecurity strategy. This strategy should be supported by robust regulation and supervisory capabilities to effectively address potential cyber threats.
- Periodically assessing the cybersecurity landscape and identifying potential systemic risks from interconnectedness and concentrations, including from third-party service providers;
- Encouraging cyber “maturity” among financial sector firms, including board-level access to cybersecurity expertise, as supported by the chapter’s analysis suggests that better cyber-related governance may reduce cyber risk.
- Improving cyber hygiene of firms—that is their online security and system health (such as antimalware and multifactor authentication)—and training and awareness.
- Prioritizing data reporting and collection of cyber incidents, and sharing information among financial sector participants to enhance their collective preparedness.
Noting that attacks often emanate from outside a financial firm’s home country and proceeds can be routed across borders, IMF said international cooperation has also become imperative to address cyber risk successfully.