Over the past two decades, organizations in the financial sector were victims to over 20,000 cyberattacks that caused more than $12 billion in losses, the International Monetary Fund (IMF) says.
Citing an increase in cyberattacks targeting financial firms, especially banks, IMF’s April 2024 Global Financial Stability Report (PDF), also underlines an increased risk of extreme losses caused by cyber intrusions.
“Such losses could potentially cause funding problems for companies and even jeopardize their solvency. The size of these extreme losses has more than quadrupled since 2017 to $2.5 billion. And indirect losses like reputational damage or security upgrades are substantially higher,” the IMF says.
Financial organizations are at the receiving end of roughly one fifth of all cyberattacks, with cybercriminals seeking to steal money or disrupt economic activities.
Should such incidents undermine the financial system’s credibility, these cyberattacks could lead to economic instability, potentially leading to market sell-offs and bank runs, the IMF claims.
To date, no significant ‘cyber runs’ have been observed, but modest deposit outflows did occur at smaller US banks following a cyberattack.
“Cyber incidents that disrupt critical services like payment networks could also severely affect economic activity,” such as the attack on the Central Bank of Lesotho that disrupted the national payment system, the IMF says.
The reliance on third-party IT services providers and the rise of AI use could expose financial institutions to additional risks, such as outages caused by ransomware attacks on the service providers, and AI-related data leaks.
“With the global financial system facing significant and growing cyber risks from increasing digitalization and geopolitical tensions, policies and governance frameworks at firms must keep pace,” the IMF points out.
According to the United Nations financial institution, these risks can be mitigated through effective regulations and adequate national cybersecurity strategies that include cybersecurity landscape assessments, a push for cybersecurity maturity, improved security hygiene, and incident reporting prioritization.
International collaboration is also essential in the current landscape, where cyberattacks often occur from outside an organization’s country, the IMF also notes.
IMF’s warning comes less than a month after news broke that nearly a dozen IMF email accounts were hacked in February 2024.
Related: Prudential Financial Data Breach Impacts 36,000
Related: Windows Zero-Day Exploited in Attacks on Financial Market Traders
Related: Bank of England Will Review the Risks That AI Poses to UK Financial Stability
