In the digital age, cybercrime isn't just a nuisance anymore; it's a financial time bomb ticking away, threatening to detonate with devastating consequences. The once-distant threat of hackers has become a tangible, immediate danger to financial institutions worldwide. Due to the vast amounts of sensitive data and transactions they handle, financial institutions are particularly vulnerable to these attacks. With the increasing sophistication of cyberattacks and the growing value of digital assets, the potential for financial devastation has never been higher.
Global financial stability is under threat from the increasing frequency and sophistication of cyberattacks, according to a report by the International Monetary Fund (IMF).
A successful cyberattack could have severe consequences for a financial institution, including funding difficulties, reputational damage, and even insolvency. Additionally, experts warn that large-scale attacks could erode public trust in the financial system, disrupt essential services, and have ripple effects on other industries.
The Rising Costs of Cybercrime
Cyberattacks are a significant operational risk that could compromise the resilience of financial institutions and negatively impact broader macroeconomic stability. Although cyber incidents have not yet caused systemic issues, the ongoing rapid digital transformation, technological advancements like artificial intelligence, and rising global tensions are exacerbating this risk.
Financial institutions are increasingly dependent on third-party IT service providers, a trend likely to intensify with the growing role of artificial intelligence. While these external providers can enhance operational resilience, they also expose the financial industry to systemic risks. For example, a ransomware attack on a cloud IT service provider in 2023 led to simultaneous outages at 60 US credit unions.
The global financial sector has experienced nearly one-fifth of all reported cyber incidents in the past two decades, resulting in direct losses of $12 billion to financial firms, according to the IMF's Global Financial Stability Report. Since 2020 alone, these direct losses have reached an estimated $2.5 billion.
Cyberattacks targeting critical services such as payment networks can have a significant negative impact on economic activity. For instance, a December attack on the Central Bank of Lesotho disrupted the national payment system, preventing transactions by domestic banks.
Despite their reputation for cybersecurity leadership, financial institutions remain vulnerable to the increasing frequency and complexity of cyberattacks. Banks are a primary target for these attacks, and the actual financial toll is likely much higher when indirect losses and reputational damage are factored in.
As the global financial system grapples with escalating cyber threats due to digitalization and geopolitical tensions, firms must adapt their policies and governance frameworks accordingly.
Private incentives alone may not be enough to mitigate cyber risks, as firms might not fully consider the potential systemic consequences of incidents. Therefore, public intervention may be essential.
Given that cyberattacks often originate from outside a financial firm's jurisdiction and proceeds can be laundered across borders, international cooperation is crucial for effectively addressing cyber risks. Although cyber incidents are inevitable, the financial sector must be capable of providing essential business services during disruptions. To achieve this, financial firms should develop and test robust response and recovery procedures, while national authorities should have effective response protocols and crisis management frameworks in place.
The Cybersecurity Skills Gap
The cybersecurity gap is widening. Experts emphasize the importance of securing digital ecosystems for financial institutions. However, the World Economic Forum's Global Cybersecurity Outlook 2024 report highlights a growing disparity between cyber-resilient and vulnerable organizations within the broader economy.
While large organizations have made strides in cybersecurity, the cyber resilience of small and medium enterprises (SMEs) has deteriorated. Although SMEs make up the majority of companies in many countries, the number of them maintaining a minimum viable level of cyber resilience has decreased by 30%. Furthermore, emerging technologies are widening the cybersecurity gap between organizations, and many SMEs are falling behind as these technologies continue to evolve. The Strategic Cybersecurity Talent Framework identified a persistent skills shortage that is hindering efforts to achieve cybersecurity goals. The framework found a global deficit of 4 million cybersecurity professionals, with over half of public organizations citing a lack of resources and skills as their primary obstacle to enhancing cyber resilience.
Nevertheless, initiatives are underway to address the cyber skills shortage. The Forum's Bridging the Cyber Skills Gap initiative, for example, aims to raise awareness among executives and establish processes that will foster sustainable cyber talent pipelines within organizations and across industries.
The need for global public-private cooperation has never been more urgent, especially considering the potential for widespread economic and societal consequences from cyberattacks on financial institutions.
Despite efforts to address cybersecurity, an IMF survey of central banks and supervisory authorities found that policy frameworks, particularly in emerging markets and developing economies, often fall short. For example, only about half of the surveyed countries had a national cybersecurity strategy specifically for the financial sector or dedicated cybersecurity regulations. To enhance resilience in the financial sector, authorities should implement a comprehensive national cybersecurity strategy, supported by effective regulation and supervisory capabilities, that includes:
Regularly evaluating the cybersecurity landscape and identifying potential systemic risks arising from interconnectedness and concentrations, including those posed by third-party service providers.
Promoting cyber "maturity" among financial sector firms, including board-level access to cybersecurity expertise, as supported by the chapter's analysis, which suggests that improved cyber-related governance can mitigate cyber risk.
Enhancing firms' cyber hygiene, which includes their online security and system health (e.g., antimalware and multifactor authentication), as well as training and awareness.
Prioritizing data reporting and collection of cyber incidents, and facilitating information sharing among financial sector participants to bolster their collective preparedness.
Financial institutions should strengthen their cybersecurity defenses by conducting stress tests and participating in information-sharing initiatives. Moreover, regulatory bodies must establish comprehensive national cybersecurity strategies with accompanying regulatory frameworks. As the global financial system confronts growing cyber threats, policy and governance structures must adapt to effectively address these risks.
An official website of the Pakistan government 