Cyber risk is new threat to financial stability: IMF

Washington: The number of cyberattacks worldwide has tripled over the last decade and financial services continue to be the most targeted industry, according to International Monetary Fund (IMF).

“Cybersecurity has clearly become a threat to financial stability,” wrote Jennifer Elliott and Nigel Jenkinson of IMF’s Monetary and Capital Markets Department in a blogpost released on Monday (local time).

“Given strong financial and technological inter-connections, a successful attack on a major financial institution — or on a core system or service used by many — could quickly spread through the entire financial system, causing widespread disruption and loss of confidence.”

Transactions could fail as liquidity is trapped, households and companies could lose access to deposits and payments, said Elliott and Jenkinson.

Under extreme scenarios, investors and depositors may demand their funds or try to cancel their accounts or other services and products they regularly use.

Hacking tools are now cheaper, simpler and more powerful, allowing lower-skilled hackers to do more damage at a fraction of the previous cost. The expansion of mobile-based services (the only technological platform available for many people), increases the opportunities for hackers.

“Attackers target large and small institutions, rich and poor countries, and operate without borders. Fighting cybercrime and reducing risk must therefore be a shared undertaking across and inside countries,” said Elliott and Jenkinson.

While the daily foundational risk management work — maintaining networks, updating software and enforcing strong cyber hygiene — remains with financial institutions, there is also a need to address common challenges and recognise the spillovers and inter-connections across the financial system.

Individual firm incentives to invest in protection are not enough. Regulation and public policy intervention is needed to guard against under-investment and protect the broader financial system from the consequences of an attack.

Elliott and Jenkinson said many national financial systems are not yet ready to manage attacks, while international coordination is still weak.