The International Monetary Fund (IMF) has warned about the growing threat of cyberattacks to the stability of the global financial system.
According to the IMF’s analysis presented in the April 2024 Global Financial Stability Report, cyber incidents have more than doubled since the onset of the pandemic, posing a substantial risk to financial institutions and the broader economy.
While companies historically endured relatively moderate direct losses from cyberattacks, recent years have witnessed a notable increase in both the frequency and severity of such incidents. For instance, the infamous 2017 data breach at US credit reporting agency Equifax resulted in penalties exceeding $1 billion, affecting approximately 150 million consumers.
Since 2017, the magnitude of these extreme losses has surged by more than fourfold to reach a staggering $2.5 billion. Moreover, indirect losses such as reputational damage and security upgrades far surpass direct financial impacts.
IMF.
IMF: Losses from cyber incidents are rising
The IMF’s report highlights the increasing risk of severe losses resulting from cyber incidents, which could potentially create funding problems for companies and even jeopardize their financial stability.
Since 2017, the magnitude of these extreme losses has surged by more than fourfold to reach a staggering $2.5 billion. Moreover, indirect losses such as reputational damage and security upgrades far surpass direct financial impacts.
Of particular concern is the vulnerability of the financial sector to cyber threats. Given the vast volumes of sensitive data and transactions they manage, financial institutions are prime targets for cybercriminals aiming to pilfer funds or disrupt economic activities. Attacks on financial firms constitute nearly one-fifth of the total, with banks bearing the brunt of the exposure.
The IMF warns that cyber incidents within the financial sector pose a significant risk to financial and economic stability. Potential consequences include erosion of confidence in the financial system, disruption of critical services, and spillover effects to other institutions.
For instance, a severe cyber incident at a financial institution could undermine trust and trigger market selloffs or bank runs. Although no major “cyber runs” have occurred to date, the IMF’s analysis indicates that smaller US banks have experienced modest yet persistent deposit outflows following cyberattacks.
Moreover, cyber incidents disrupting critical services like payment networks could severely hamper economic activity. A notable example is the December attack on the Central Bank of Lesotho, which paralyzed the national payment system, impeding transactions by domestic banks.
The IMF underscores the importance of enhancing cybersecurity resilience in the financial sector, advocating for robust policies and governance frameworks. Given that private incentives may fall short in addressing systemic cyber risks, public intervention may be imperative.
However, the IMF’s survey reveals that cybersecurity policy frameworks, particularly in emerging market and developing economies, often remain inadequate. Only about half of the surveyed countries have a national, financial sector-focused cybersecurity strategy or dedicated regulations.
To fortify resilience in the financial sector, the IMF recommends the development of comprehensive national cybersecurity strategies, bolstered by effective regulation and supervisory capacity. Key measures include regular assessment of the cybersecurity landscape, promotion of cyber maturity among financial firms, enhancement of cyber hygiene practices, and fostering information sharing among stakeholders.
Recognising the cross-border nature of cyber threats, international cooperation is deemed essential to mitigate cyber risks effectively. Financial firms are urged to establish and test response and recovery procedures, while national authorities should maintain robust response protocols and crisis management frameworks.
The IMF pledges to actively assist member countries in strengthening their cybersecurity frameworks through policy advice and capacity-building initiatives, emphasising the imperative of collective action to safeguard the integrity of the global financial system in the face of escalating cyber threats.
