The IMF claims cyberattacks have cost the financial sector roughly $12bn in the last 20 years and said extreme attacks could cause masses of customers to withdraw funds from banks.
Cyberattacks have grown significantly in recent years and there is a looming threat that it could erode confidence in the global financial sector, according to a new report from the International Monetary Fund (IMF).
The organisation’s latest Global Financial Stability Report warns that the size of “extreme losses” from cyber incidents has more than quadrupled since 2017 to a value of $2.5bn. The report also claims the financial sector is “uniquely exposed” to cyberattacks, due to the large amounts of sensitive data and transactions they handle.
“Attacks on financial firms account for nearly one-fifth of the total, of which banks are the most exposed,” the IMF claimed in a blogpost.
The IMF claims the financial sector has suffered more than 20,000 cyberattacks in the past 20 years, causing roughly $12bn in losses. But the report warns that cyberattacks could cause economic damage beyond what criminals manage to steal.
Sylvain Cortes, strategy VP at Hackuity, said the report is a “welcome step” in raising awareness on the threats facing the financial sector.
“The financial sector is at risk of cyberattacks because it is a lucrative and strategic target for hackers who want to disrupt services, steal data or extort money,” Cortes said.
The risk of ‘bank runs’
The IMF claims incidents in the financial sector could threaten economic stability if they “erode confidence in the financial system” or disrupt critical services. For example, the organisation warns that cyberattacks could cause ‘bank runs’ – where large numbers of customers withdraw money from the bank and strain its finances.
“Although no significant ‘cyber runs’ have occurred thus far, our analysis suggests modest and somewhat persistent deposit outflows have occurred at smaller US banks after a cyberattack,” the IMF said.
The organisation also said the financial sector is increasingly relying on third-party IT service providers and that this may increase with the “emerging role” of AI. These third-party providers could expose banks to “systemwide shocks” in the event of a data breach.
A lack of regulation
The IMF said public intervention “may be necessary” as private incentives may be insufficient to address cybersecurity risks – particularly when it comes to issues around the supply chain. But the IMF claims cybersecurity policy frameworks “often remain insufficient”, particularly in emerging markets and developing countries.
“To strengthen resilience in the financial sector, authorities should develop an adequate national cybersecurity strategy accompanied by effective regulation and supervisory capacity,” the IMF said.
Cortes said that the financial sector is often “light years” ahead of other sectors in terms of cybersecurity, but that it still faces similar challenges.
“Digitisation means that more financial transactions and services are conducted online, which creates more entry points and vulnerabilities for hackers to exploit,” he said. “Weak corporate governance of cybersecurity means that some financial firms may not invest enough in cybersecurity or may not have adequate policies or procedures to prevent, detect or respond to cyberattacks.
“Whether it’s DORA, a landmark IMF report or the latest breaking news, the finance sector is waking up to these threats and the responsibility they bear.”
Find out how emerging tech trends are transforming tomorrow with our new podcast, Future Human: The Series. Listen now on Spotify, on Apple or wherever you get your podcasts.