The International Monetary Fund (IMF) disclosed that financial institutions globally have incurred losses totaling $12 billion due to cyberattacks over the past two decades.
Out of this sum, $2.5 billion was lost between 2020 and 2024, as revealed in the IMF’s April 2024 Global Financial Stability Report. The IMF expressed concerns about the increasing frequency of cyberattacks on financial institutions, warning that such incidents could undermine confidence in the financial system and destabilize economies.
“Banks as Primary Targets”
Financial firms, handling significant volumes of sensitive data and transactions, are prime targets for criminals aiming to steal money or disrupt economic activities, according to the IMF. Nearly one-fifth of cyberattacks target financial firms, with banks being the most vulnerable. Cyber incidents in the financial sector pose threats to financial stability, economic activity, and critical services.
Advanced economies, particularly the United States, have witnessed more cyber incidents in financial institutions compared to emerging markets and developing economies. For instance, JPMorgan Chase reported experiencing 45 billion cyber events daily and allocated $15 billion annually to technology, with a focus on cybersecurity.
Operational Risks and Macroeconomic Stability
Cyber incidents are identified as critical operational risks that could jeopardize financial institutions’ operational resilience and macro financial stability. Factors contributing to the rise in cyber incidents include increased digital connectivity, technological dependency, financial innovation, and geopolitical tensions.
Geopolitical tensions, such as those following Russia’s invasion of Ukraine in February 2022, may exacerbate cyber risks. Recent significant cyber incidents, such as the ransomware attack on the US arm of China’s largest bank, highlight the potential threats to financial stability posed by cyberattacks on major financial institutions.
Enhancing Cybersecurity Resilience
To bolster resilience in the financial sector, the IMF recommends that central banks and authorities:
- Develop a national cybersecurity strategy and effective regulation and supervisory capacity.
- Periodically assess the cybersecurity landscape to identify potential systemic risks.
- Promote cyber maturity among financial sector firms, including board-level access to cybersecurity expertise.
- Improve cyber hygiene of firms through enhanced online security measures and training.
- Prioritize data reporting and sharing of cyber incidents among financial sector participants.
- Enhance international cooperation to address cross-border cyber risks effectively.
The IMF underscores the importance of international collaboration in tackling cyber risks, given that cyberattacks often originate from outside a financial firm’s home country and involve cross-border transactions.
