Credit: Peter Nguyen/Unsplash
Cyber attackers continue to target the financial sector. What will happen when an attack takes down a bank or other critical platform, locking users out of their accounts?
Tight financial and technological interconnections within the financial sector can facilitate the quick spread of attacks through the entire system, potentially causing widespread disruption and loss of confidence. Cybersecurity is a clear a threat to financial stability.
Among emerging market and developing economies, most financial supervisors haven’t introduced cybersecurity regulations or build resources to enforce them, according to a recent IMF survey of 51 countries.
We also found:
Meanwhile, a Bank for International Settlements assessment of 29 jurisdictions identified shortcomings in the oversight of financial markets infrastructures.
There are, however, defenses against these risks, including preparation and concerted regulatory action, as we discussed at our recent global cybersecurity workshop in Washington. It won’t be easy though, and comprehensive and collective responses are urgently needed.
Proliferating threats
Just as rapid technological advances offer attackers tools that are cheaper and easier to use, so too do the changes give financial institutions greater ability to thwart them.
Even so, greater vulnerabilities are to be expected in an increasingly digitalized world. Targets proliferate as more systems and devices are connected. Fintech firms that rely heavily on new digital technologies can make the financial industry more efficient and inclusive, but also more vulnerable to cyber risks.
The escalation of geopolitical tensions has also intensified cyberattacks. Perpetrators and their motivation are often obscure, and the risks are not limited to regions of conflict. History shows that spill-over of disruptive malware can cause global damage. For instance, the NotPetya malware attack that first swamped the IT systems of Ukrainian organizations in 2017 quickly spread to several other countries and caused damages estimated at more than $10 billion.
Finally, reliance on common service providers means attacks have a higher probability of having systemic implications. The concentration of risks for commonly used services, including cloud computing, managed security services, and network operators, could impact entire sectors. Losses can be high and become macro critical.
While financial firms and regulators are becoming more aware of, and prepared for, attacks, gaps in the prudential framework remain substantial.
Neutralizing the threat
Financial institutions and regulators must prepare for heightened cyber threats and potential successful breaches by prioritizing five things:
Cross-jurisdictional risk
The strength of cyber defenses depends on the weakest link. With growing interconnections across the world, curbing risk requires an international effort. For its part, the IMF continues to help financial supervisors through capacity development initiatives aimed at designing and implementing international standards and best practices as an urgent priority.
Digital technologies shielded labor and productivity from the pandemic, while lagging countries accelerated the adoption of technology. However, digitalization gaps persist.
A new kind of multilateral platform could improve cross-border payments, leveraging technological innovations for public policy objectives
Stronger financial regulation and supervision, and developing global standards, can help address many concerns about crypto assets
IMFBlog is a forum for the views of the International Monetary Fund (IMF) staff and officials on pressing economic and policy issues of the day. The IMF, based in Washington D.C., is an organization of 190 countries, working to foster global monetary cooperation and financial stability around the world. The views expressed are those of the author(s) and do not necessarily represent the views of the IMF and its Executive Board. Read More
© Copyright International Monetary Fund
Leave a Reply