Global Financial Sector Suffers $12 Billion Loss to Cyberattacks

International Monetary Fund (IMF’s) April 2024 Global Financial Stability Report, financial institutions worldwide have incurred staggering losses totaling $12 billion over the past two decades due to cyberattacks.

The report highlights that between 2020 and 2024 alone, financial institutions suffered a significant blow, losing $2.5 billion to cybercriminal activities.

This revelation underscores the escalating threat cyberattacks pose to the stability and security of the global financial system.

The IMF expressed grave concerns regarding the implications of these cyber incidents, warning that they could erode confidence in the financial system and potentially destabilize economies.

The direct financial losses incurred by financial firms paint a stark picture of the magnitude of the threat posed by cybercriminals.

In response to these alarming statistics, financial institutions are expected to ramp up their cybersecurity measures to mitigate the risk of future attacks. However, the IMF emphasizes that addressing cybersecurity threats requires a coordinated effort involving not only financial institutions but also regulatory bodies and international organizations.

Efforts to combat cyber threats must encompass proactive measures such as enhancing cybersecurity infrastructure, investing in cutting-edge technology, and fostering collaboration among industry stakeholders. Additionally, raising awareness about cybersecurity risks and promoting a culture of vigilance within financial institutions are crucial steps in fortifying the sector against cyber threats.

Primary Target

According to the IMF, financial firms, given the large amounts of sensitive data and transactions they handle, are often targeted by criminals seeking to steal money or disrupt economic activity.

“Attacks on financial firms account for nearly one-fifth of the total, of which banks are the most exposed. Incidents in the financial sector could threaten financial and economic stability if they erode confidence in the financial system, disrupt critical services, or cause spillovers to other institutions.

“Cyber incidents that disrupt critical services like payment networks could also severely affect economic activity. For example, a December attack at the Central Bank of Lesotho disrupted the national payment system, preventing transactions by domestic banks” part of the report reads.

The report stated that financial institutions in advanced economies, particularly in the United States, have been more exposed to cyber incidents than firms in emerging market and developing economies.

Citing JPMorgan Chase as an example, the IMF said the largest US bank recently reported experiencing 45 billion cyber events per day while spending $15 billion on technology every year and employing 62,000 technologists – many focused on cybersecurity.

It added that cyber incidents are a key operational risk that could threaten financial institutions’ operational resilience and adversely affect overall macrofinancial stability.

Factors

The IMF noted that many factors contribute to the rise in cyber incidents. These, it said, include the rapidly growing digital connectivity- accelerated by the COVID-19 pandemic – and increasing dependency on technology and financial innovation.

It added that geopolitical tensions may also be a contributing factor, considering the surge of cyberattacks after Russia’s invasion of Ukraine in February 2022.

Meanwhile, a cyber incident at a financial institution or a country’s critical infrastructure could generate macro-financial stability risks through three key channels: loss of confidence, lack of substitutes for the services rendered, and interconnectedness.

While cyber incidents thus far have not been systemic, ongoing rapid digital transformation and technological innovation such as artificial intelligence and heightened global geopolitical tensions exacerbate the risk.

Recent significant cyber incidents—such as the ransomware attack on the US arm of China’s largest bank, the Industrial and Commercial Bank of China, on November 8, 2023, which temporarily disrupted trades in the US Treasury market— further underscore that cyber incidents at major financial institutions could threaten financial stability.

Meanwhile, to strengthen resilience in the financial sector, the IMF said central banks and authorities will need to develop an adequate national cybersecurity strategy accompanied by effective regulation and supervisory capacity that should encompass.

Periodically assessing the cybersecurity landscape and identifying potential systemic risks from interconnectedness and concentrations, including from third-party service providers.

Encouraging cyber “maturity” among financial sector firms, including board-level access to cybersecurity expertise, as supported by the chapter’s analysis which suggests that better cyber-related governance may reduce cyber risk.

The IMF’s report serves as a wake-up call for the global financial community, urging stakeholders to prioritize cybersecurity as a fundamental component of risk management strategies. Failure to adequately address cybersecurity vulnerabilities could have far-reaching consequences, jeopardizing financial stability and undermining trust in the global financial system.

As cyber threats continue to evolve in sophistication and scale, proactive and concerted action is imperative to safeguard the integrity and resilience of the financial sector against malicious actors operating in the digital realm. Only through collective efforts and robust cybersecurity measures can financial institutions effectively mitigate the risks posed by cyberattacks and uphold the stability of the global financial system.