IMF charges banks to guide against cyber attacks
…As hackers make off with $12bn
Following reports that cyber thieves stole $12bn from global financial institutions in the last 20 years, the International Monetary Fund (IMF) has called on Central Banks across the globe and financial institutions to strengthen resilience in the financial sector by developing an adequate national cybersecurity strategy accompanied by effective regulation and supervisory capacity.
This was contained in the April 2024 Rising Cyber Threats Pose Serious Concerns for Financial Stability report released by The Bretton Wood institution.
The report noted that greater digitalization and heightened geopolitical tensions imply that the risk of a cyberattack with systemic consequences has risen
The fund expressed concern that the rising incidents of cyberattacks on financial institutions globally could affect confidence in the financial system and destabilise economies while expressing worries that cyberattacks have more than doubled since the pandemic.
“Financial firms have reported significant direct losses, totaling almost $12 billion since 2004 and $2.5 billion since 2020,” the IMF stated.
According to the body, financial firms, given the large amounts of sensitive data and transactions they handle, are often targeted by criminals seeking to steal money or disrupt economic activity.
“Attacks on financial firms account for nearly one-fifth of the total, of which banks are the most exposed. Incidents in the financial sector could threaten financial and economic stability if they erode confidence in the financial system, disrupt critical services, or cause spillovers to other institutions.
“Cyber incidents that disrupt critical services like payment networks could also severely affect economic activity. For example, a December attack at the Central Bank of Lesotho disrupted the national payment system, preventing transactions by domestic banks,” IMF stated.
As part of measures proposed to guide against the attacks, the fund called for the periodic assessment of the cybersecurity landscape and identifying potential systemic risks from interconnectedness and concentrations, including from third-party service providers.
It further called for the encouragement of cyber “maturity” among financial sector firms, including board-level access to cybersecurity expertise, as supported by the chapter’s analysis which suggests that better cyber-related governance may reduce cyber risk.
Improving cyber hygiene of firms—that is, their online security and system health (such as antimalware and multifactor authentication)—and training and awareness.
Prioritising data reporting and collection of cyber incidents, and sharing information among financial sector participants to enhance their collective preparedness.
Noting that attacks often emanate from outside a financial firm’s home country and proceeds can be routed across borders, the IMF said international cooperation has also become imperative to address cyber risk successfully.