Rising Cyber Threats Heighten Financial Stability Risks, IMF Warns

The International Monetary Fund (IMF) has sounded the alarm on the escalating threat of cyberattacks to global financial stability. The IMF's warning comes amidst a surge in cyber incidents, more than doubling since the onset of the pandemic, with dire implications for the financial sector.

According to the newly released IMF April 2024 Global Financial Stability Report, Financial firms have reported significant direct losses, totalling almost $US12 billion since 2004 and $US2.5 billion since 2020, with indirect impacts such as reputational damage exacerbating the financial toll.

“The financial sector is uniquely exposed to cyber risk. Financial firms—given the large amounts of sensitive data and transactions they handle—are often targeted by criminals seeking to steal money or disrupt economic activity. Attacks on financial firms account for nearly one-fifth of the total, of which banks are the most exposed," it revealed in a In a recent blog post.

The IMF­ warns of the potential for cyber incidents to trigger widespread economic turmoil. Citing examples such as the disruption of the national payment system in Lesotho, it emphasizes the significant impact such attacks can have on critical services and economic activity.

The IMF observed that a variety of reasons are involved in the increase in cyber incidents. It stated that they include the COVID-19 pandemic’s acceleration of the fast-expanding digital connectivity as well as the rising reliance on technology and financial innovation.

The article went on to say that given the spike in cyberattacks following Russia’s invasion of Ukraine in February 2022, geopolitical tensions could also be a cause.

“A cyber incident at a financial institution or a country’s critical infrastructure could generate macro-financial stability risks through three key channels: loss of confidence, lack of substitutes for the services rendered, and interconnectedness.

“While cyber incidents thus far have not been systemic, ongoing rapid digital transformation and technological innovation such as artificial intelligence and heightened global geopolitical tensions exacerbate the risk.

“Recent significant cyber incidents - such as the ransomware attack on the US arm of China’s largest bank, the Industrial and Commercial Bank of China, on November 8, 2023, which temporarily disrupted trades in the US Treasury market - further underscore that cyber incidents at major financial institutions could threaten financial stability,” it said.

One of the key concerns raised by the IMF, is the reliance of financial firms on third-party IT service providers, which can amplify systemic shocks. An incident in 2023 involving a cloud IT service provider led to simultaneous outages at 60 US credit unions, illustrating the interconnected nature of cyber risks in the financial sector.

The IMF underscores the need for robust cybersecurity policies and governance frameworks to mitigate these risks. Quoting from the post, it stresses the importance of public intervention, particularly in developing economies where cybersecurity regulations are often lacking.

To enhance resilience in the financial sector, the IMF proposes a multifaceted approach, including regular assessments of cybersecurity risks, promoting cyber maturity among firms, improving cyber hygiene, and fostering information sharing among financial institutions.

Highlighting the imperative of international cooperation, the IMF underscores the need for coordinated efforts to address cyber risks effectively. As cyber incidents transcend national borders, collaborative measures are deemed essential to combatting this growing threat.

In conclusion, it urges financial firms to bolster their capacity to deliver critical services during cyber disruptions through robust response and recovery procedures. The IMF reaffirms its commitment to assisting member countries in strengthening their cybersecurity frameworks through policy advice and capacity-building initiatives.