The Global Financial Stability Report 2024 by the IMF has found that Cyberattacks have more than doubled since the pandemic. As a result, financial institutions lost a total of $12 billion to cyberattacks in the last 20 years ,$2.5 billion was lost between 2020 and 2024.
According to the report, attacks on financial firms account for nearly one-fifth of the total, of which banks are the most exposed. Such incidents could threaten financial and economic stability if they erode confidence in the financial system, disrupt critical services, or cause spillovers to other institutions.
For example, a severe incident at a financial institution could undermine trust and, in extreme cases, lead to market selloffs or runs on banks. Although no significant “cyber runs” have occurred thus far, the report suggests that modest and somewhat persistent deposit outflows have occurred at smaller US banks after a cyberattack.
The report indicated that Cyber incidents that disrupt critical services like payment networks could also severely affect economic activity. For example, a December attack at the Central Bank of Lesotho disrupted the national payment system, preventing transactions by domestic banks.
According to the report, While third-party IT service providers can improve operational resilience, however they can also expose the financial industry to systemwide shocks. For example, a 2023 ransomware attack on a cloud IT service provider caused simultaneous outages at 60 US credit unions.
Increasing digitalization and geopolitical tensions are another reason the global financial system is facing significant and growing cyber attacks, therefore policies and governance frameworks at firms must keep pace.
Furthermore because private incentives may be insufficient to address cyber risks—for example, firms may not fully account for the systemwide effects of incidents—public intervention may be necessary.
According to an IMF survey of central banks and supervisory authorities, cybersecurity policy frameworks, especially in emerging market and developing economies, often remain insufficient. For example, only about half of countries surveyed had a national, financial sector-focused cybersecurity strategy or dedicated cybersecurity regulations.
To strengthen resilience in the financial sector, authorities should develop an adequate national cybersecurity strategy accompanied by effective regulation and supervisory capacity that should encompass:
Periodically assessing the cybersecurity landscape and identifying potential systemic risks from interconnectedness and concentrations, including from third-party service providers.
Encouraging cyber “maturity” among financial sector firms, including board-level access to cybersecurity expertise, as supported by the chapter’s analysis which suggests that better cyber-related governance may reduce cyber risk.
Improving cyber hygiene of firms—that is, their online security and system health (such as antimalware and multifactor authentication)—and training and awareness.
Prioritizing data reporting and collection of cyber incidents, and sharing information among financial sector participants to enhance their collective preparedness.
As attacks often emanate from outside a financial firm’s home country and proceeds can be routed across borders, international cooperation is imperative to address cyber risk successfully.
While cyber incidents will occur, the financial sector needs the capacity to deliver critical business services during these disruptions. To this end, financial firms should develop, and test, response and recovery procedures and national authorities should have effective response protocols and crisis management frameworks in place.
The IMF actively helps member countries strengthen their cybersecurity frameworks through policy advice, for example as part of the Financial Sector Assessment Program, and through capacity-building activities.