According to the International Monetary Fund (IMF), the financial sector has been the target of over 20,000 cyberattacks in the past two decades, resulting in more than $12 billion in losses. The IMF’s April 2024 Global Financial Stability Report (PDF) highlights the escalating cybersecurity risks facing financial institutions, particularly banks.
Extreme Losses and Systemic Risks
The IMF report underscores the growing threat of extreme losses caused by cyber intrusions, which have more than quadrupled since 2017 to $2.5 billion. These losses can lead to funding problems and even jeopardize the solvency of financial companies. Indirect costs, such as reputational damage and security upgrades, are also substantially higher.
The report warns that such cybersecurity incidents could undermine the credibility of the financial system, potentially leading to economic instability, market sell-offs, and bank runs. While no significant “cyber runs” have been observed, the IMF notes that modest deposit outflows did occur at smaller US banks following a cyberattack.
Emerging Risks and the Need for Stronger Governance
The IMF also highlights the increased reliance on third-party IT service providers and the rise of AI use as potential sources of additional risks, such as ransomware attacks on service providers and AI-related data leaks.
To mitigate these growing cybersecurity threats, the IMF emphasizes the need for effective regulations and adequate national cybersecurity strategies, including cybersecurity landscape assessments, a push for cybersecurity maturity, improved security hygiene, and prioritized incident reporting. International collaboration is also crucial, as many cyberattacks originate from outside an organization’s country.
Cautionary Tale: IMF Email Hack
The IMF’s warning comes less than a month after news broke that nearly a dozen IMF email accounts were hacked in February 2024, underscoring the ongoing vulnerability of even the most prominent financial institutions to cyber threats.