Cybersecurity

The major threat to global financial security we're not doing enough about

a man types on his laptop, on the screen different charts relating to money are shown

Dependence on digital financial services is increasing. Image: Unsplash/Austin Distel

Jennifer Elliott
Division Chief of Technical Assistance Strategy in the Monetary and Capital Markets Department, IMF
Nigel Jenkinson
Division Chief of Financial Regulation and Supervision in the Monetary and Capital Markets Department, IMF
  • Cyberattacks are on the rise - with financial services a key target.
  • The IMF is warning that many national systems are unprepared to fight an attack.
  • It's outlined six major strategies to strength cybersecurity and improve financial stability.

Many of us take for granted the ability to withdraw money from our bank account, wire it to family in another country, and pay bills online. Amid the global pandemic, we’ve seen how much digital connection matters to our everyday life. But what if a cyberattack takes the bank down and a remittance doesn’t go through?

Have you read?

As we become increasingly reliant on digital financial services, the number of cyberattacks has tripled over the last decade, and financial services continue to be the most targeted industry. Cybersecurity has clearly become a threat to financial stability.

Given strong financial and technological interconnections, a successful attack on a major financial institution, or on a core system or service used by many, could quickly spread through the entire financial system causing widespread disruption and loss of confidence. Transactions could fail as liquidity is trapped, household and companies could lose access to deposits and payments. Under extreme scenarios, investors and depositors may demand their funds or try to cancel their accounts or other services and products they regularly use.

this chart shows how cyber attacks have increased
Cyber attacks are a growing threat. Image: IMF

Hacking tools are now cheaper, simpler and more powerful, allowing lower-skilled hackers to do more damage at a fraction of the previous cost. The expansion of mobile-based services (the only technological platform available for many people), increases the opportunities for hackers. Attackers target large and small institutions, rich and poor countries, and operate without borders. Fighting cybercrime and reducing risk must therefore be a shared undertaking across and inside countries.

A chart showing how much data has been lost in cyber attacks over the past sixteen years
More of our data has been exposed as a result of cyber attacks. Image: IMF

While the daily foundational risk management work — maintaining networks, updating software and enforcing strong ‘cyber hygiene’ — remains with financial institutions, there is also a need to address common challenges and recognize the spillovers and interconnections across the financial system. Individual firm incentives to invest in protection are not enough; regulation and public policy intervention is needed to guard against underinvestment and protect the broader financial system from the consequences of an attack.

In our view, many national financial systems are not yet ready to manage attacks, while international coordination is still weak. In new IMF staff research, we suggest six major strategies that would considerably strengthen cybersecurity and improve financial stability worldwide.

Cyber mapping and risk quantification

The global financial system’s interdependencies can be better understood by mapping key operational and technological interconnections and critical infrastructure. Better incorporating cyber risk into financial stability analysis will improve the ability to understand and mitigate system-wide risk. Quantifying the potential impact will help focus the response and promote stronger commitment to the issue. Work in this area is nascent—in part due to data shortcomings on the impact of cyber events and modelling challenges—but must be accelerated to reflect its growing importance.

Converging regulation

More internationally consistent regulation and supervision will reduce compliance costs and build a platform for stronger cross-border cooperation. International bodies such as the Financial Stability Board, Committee on Payments and Market Infrastructure, and Basel Committee, have begun to strengthen coordination and foster convergence. National authorities need to work together on implementation.

Capacity to respond

As cyberattacks become increasingly common, the financial system has to be able to resume operations quickly even in the face of a successful attack, safeguarding stability. So-called response and recovery strategies are still incipient, particularly in low-income countries, which need support in developing them. International arrangements are necessary to support response and recovery in cross-border institutions and services.

Willingness to share

More information-sharing on threats, attacks, and responses across the private and the public sectors will enhance the ability to deter and respond effectively. Yet, serious barriers remain, often stemming from national security concerns and data protection laws. Supervisors and central banks need to develop information sharing protocols and practices that work effectively within these constraints. A globally agreed template for information sharing, increased use of common information platforms, and expansion of trusted networks could all reduce barriers.

Stronger deterrence

Cyberattacks should become more expensive and riskier through effective measures to confiscate crime proceeds and prosecute criminals. Stepping up international efforts to prevent, disrupt and deter attackers would reduce the threat at its source. This requires strong co-operation between law enforcement agencies and national authorities responsible for critical infrastructure or security, across countries and agencies. Since hackers know no borders, global crime requires global enforcement.

Capacity development

Helping developing and emerging economies build cybersecurity capacity will strengthen financial stability and support financial inclusion. Low-income countries are particularly vulnerable to cyber risk. The COVID-19 crisis has highlighted the decisive role that connectivity plays in the developing world. Harnessing technology safely and securely will continue to be central to development and with it a need to ensure that cyber risk is addressed. As with any virus, the proliferation of cyber threats in any given country makes the rest of the world less safe.

Addressing all these gaps will require a collaborative effort from standard-setting bodies, national regulators, supervisors, industry associations, private sector, law enforcement, international organizations, and other capacity development providers and donors. The IMF is focusing its efforts on low-income countries, by providing capacity development to financial supervisors, and by bringing the issues and perspectives of these countries to the international bodies and policy discussions in which they are not adequately represented.

Loading...
Loading...
Loading...
Loading...
Don't miss any update on this topic

Create a free account and access your personalized content collection with our latest publications and analyses.

Sign up for free

License and Republishing

World Economic Forum articles may be republished in accordance with the Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International Public License, and in accordance with our Terms of Use.

The views expressed in this article are those of the author alone and not the World Economic Forum.

Stay up to date:

Technological Transformation

Related topics:
CybersecurityFinancial and Monetary Systems
Share:
The Big Picture
Explore and monitor how Cybersecurity is affecting economies, industries and global issues
World Economic Forum logo

Forum Stories newsletter

Bringing you weekly curated insights and analysis on the global issues that matter.

Subscribe today

4 ways to advance equity in cyberspace

Kate Whiting

December 12, 2024

The top cybersecurity stories from 2024

About us

Engage with us

  • Sign in
  • Partner with us
  • Become a member
  • Sign up for our press releases
  • Subscribe to our newsletters
  • Contact us

Quick links

Language editions

Privacy Policy & Terms of Service

Sitemap

© 2024 World Economic Forum