The International Monetary Fund (IMF) has unveiled staggering statistics revealing that financial institutions worldwide have incurred losses amounting to $12 billion due to cyberattacks over the past two decades. The revelation comes from the IMF’s April 2024 Global Financial Stability Report, which highlights the escalating threat posed by cybercrime to the global financial system.
The report underscores a concerning trend, indicating that financial institutions suffered a substantial loss of $2.5 billion between 2020 and 2024 alone. This surge in cyberattacks has raised alarm bells within the IMF as it warns of potential repercussions on financial stability and economic resilience.
“Financial firms have reported significant direct losses, totaling almost $12 billion since 2004 and $2.5 billion since 2020,” the IMF stated.
Financial firms, particularly banks, are identified as primary targets for cybercriminals due to the vast amounts of sensitive data and transactions they handle. The IMF emphasizes that attacks on financial institutions pose a significant threat to economic stability, potentially eroding confidence in the financial system and disrupting critical services.
Highlighting examples such as the recent cyber incident at the Central Bank of Lesotho, which disrupted the national payment system, the IMF underscores the severe impact that cyber incidents can have on economic activity.
“Attacks on financial firms account for nearly one-fifth of the total, of which banks are the most exposed. Incidents in the financial sector could threaten financial and economic stability if they erode confidence in the financial system, disrupt critical services, or cause spillovers to other institutions.
Cyber incidents that disrupt critical services like payment networks could also severely affect economic activity. For example, a December attack at the Central Bank of Lesotho disrupted the national payment system, preventing transactions by domestic banks,” IMF stated.
Furthermore, financial institutions in advanced economies, notably the United States, are reported to be more susceptible to cyber incidents compared to their counterparts in emerging markets and developing economies.
“Financial institutions in advanced economies, particularly in the United States, have been more exposed to cyber incidents than firms in emerging market and developing economies,” it added.
The IMF identifies several factors contributing to the rise in cyber incidents, including increased digital connectivity accelerated by the COVID-19 pandemic and growing reliance on technology and financial innovation. Geopolitical tensions, such as those witnessed following Russia’s invasion of Ukraine, are also cited as potential contributing factors.
“A cyber incident at a financial institution or a country’s critical infrastructure could generate macro-financial stability risks through three key channels: loss of confidence, lack of substitutes for the services rendered, and interconnectedness.
“While cyber incidents thus far have not been systemic, ongoing rapid digital transformation and technological innovation such as artificial intelligence and heightened global geopolitical tensions exacerbate the risk.
“Recent significant cyber incidents—such as the ransomware attack on the US arm of China’s largest bank, the Industrial and Commercial Bank of China, on November 8, 2023, which temporarily disrupted trades in the US Treasury market—further underscore that cyber incidents at major financial institutions could threaten financial stability,” it said.
To strengthen resilience in the financial sector, the IMF said central banks and authorities will need to develop an adequate national cybersecurity strategy accompanied by effective regulation and supervisory capacity that should encompass:
- Periodically assessing the cybersecurity landscape and identifying potential systemic risks from interconnectedness and concentrations, including from third-party service providers;
- Encouraging cyber “maturity” among financial sector firms, including board-level access to cybersecurity expertise, as supported by the chapter’s analysis, which suggests that better cyber-related governance may reduce cyber risk.
- Improving cyber hygiene of firms—that is, their online security and system health (such as antimalware and multifactor authentication)—and training and awareness.
- Prioritizing data reporting and collection of cyber incidents, and sharing information among financial sector participants to enhance their collective preparedness.
Additionally, the IMF emphasizes the importance of data reporting, information sharing among financial sector participants, and international cooperation to address cyber risks effectively. With cyberattacks often originating from outside a financial firm’s home country and funds being routed across borders, international collaboration is deemed crucial in mitigating cyber threats and safeguarding the stability of the global financial system.
