Global financial stability at risk due to cyber threats, IMF warns. Here's what to know

Global financial stability is under threat from the increasing frequency and sophistication of cyberattacks, according to a new report by the International Monetary Fund (IMF).

The risk of extreme losses from cyberattacks is also increasing, the report notes, leaving the financial sector uniquely exposed to cyber threats as operations involve vast amounts of sensitive data and transactions.

For financial institutions, the result of a cyberattack could mean funding challenges, reputational damage and could even lead to insolvency. Moreover, experts warn that for the wider financial sector, major attacks could undermine confidence in the system, disrupt critical services and spill over to other sectors.

In the past two decades, nearly one-fifth of reported cyber incidents have affected the global financial sector, causing $12 billion in direct losses to financial firms, according to the IMF’s Global Financial Stability Report. Since 2020, direct losses amounted to an estimated $2.5 billion.

"While largely recognized as leaders from a cyber maturity standpoint, financial institutions are as vulnerable to steady increase in the frequency and sophistication of cyberattacks as any other sector," said Akshay Joshi, the Head of Industry and Partnerships at the World Economic Forum's Centre for Cybersecurity.

The IMF report adds that banks are particularly targeted and that loss figures are likely much higher when indirect losses and reputational damage are considered.

"Cyber incidents are a key operational risk that could threaten financial institutions’ operational resilience and adversely affect overall macrofinancial stability," the report stated, adding that "while cyber incidents thus far have not been systemic, ongoing rapid digital transformation and technological innovation (such as artificial intelligence) and heightened global geopolitical tensions exacerbate the risk."

The IMF's report urges financial firms to boolster their cybersecurity capacity through efforts such as stress testing and information-sharing arrangements, among other recommendations. Moreover, the IMF calls on authorities to develop appropriate and adequate national cybersecurity strategies that are accompanied by regulatory frameworks.

"With the global financial system facing significant and growing cyber risks, policy and governance frameworks to mitigate the risks must keep pace," the report states.

The IMF also called for greater international cooperation around cybersecurity efforts, noting that cyberattacks often originate from outside a financial firm’s home country.

For financial institutions, securing the digital ecosystems is vital, experts maintain. Yet in the wider economy there are growing inequalities between organizations that are cyber resilient and those that aren’t, according to the World Economic Forum’s Global Cybersecurity Outlook 2024 report.

While large organizations have demonstrated gains in cybersecurity, the cyber resilience of small and medium enterprises (SMEs) has declined, the report found. In fact, there has been a 30% drop in the number of SMEs maintaining a minimum viable cyber resilience level despite making up the majority of companies in many countries.

Moreover, the Forum's report found that the disparity between the cybersecurity haves and have nots is being exacerbated by emerging technologies, with many SMEs being left behind as advanced technologies develop.

The Strategic Cybersecurity Talent Framework, a white paper from the World Economic Forum, found that efforts to meet cybersecurity objectives are being hampered by an ongoing skills shortage.

The framework found that there is a global shortage of 4 million cybersecurity professionals, with more than half of public organizations listing a lack of resources and skills as their biggest challenge to improving cyber resilience.

However, efforts are underway to mitigate the cyber skills shortage. The Forum’s Bridging the Cyber Skills Gap initiative, for instance, works to raise awareness amongst executives as well as establish processes that will help build sustainable cyber talent pipelines within organizations and across sectors.

"The case for global public-private cooperation has never been stronger – especially since attacks to the financial institutions can have large cascading effects to the wider economy and society," Joshi added.