Financial Sectors Lost $20 Billion Over the Past 20 Years

In a startling revelation, cyberattacks have surged to more than double their pre-pandemic levels, casting a long shadow over global financial stability.

The International Monetary Fund (IMF) highlighted this alarming trend in its April 2024 Global Financial Stability Report, underscoring the escalating risk of catastrophic financial losses due to cyber incidents.

Historically, direct financial losses from cyberattacks on companies have been relatively contained. However, certain cases have demonstrated the potential for devastating financial repercussions.

A notable example is the US credit reporting giant Equifax, which incurred over $1 billion in penalties following a significant data breach in 2017, impacting approximately 150 million consumers.

The IMF report draws attention to the growing magnitude of potential losses, which have seen a staggering increase. The cost of extreme cyber incidents has quadrupled since 2017, reaching an unprecedented $2.5 billion. These figures do not account for the indirect costs associated with such attacks, which include reputational damage and the expenses related to bolstering security measures.

Are you from SOC and DFIR Teams? – Analyse Malware Incidents & get live Access with ANY.RUN -> Start Now for Free 

Financial Sector at the Epicenter of Cyber Risks

The financial industry finds itself particularly vulnerable to cyber threats. With vast amounts of sensitive data and financial transactions under their purview, financial institutions are prime targets for cybercriminals.

These adversaries aim to either pilfer funds or disrupt economic activities. Banks, being the cornerstone of the financial sector, bear the brunt of these attacks, constituting nearly one-fifth of all cyber incidents.

The repercussions of cyberattacks on financial firms extend far beyond immediate financial losses. Such incidents can potentially erode public confidence in the financial system, disrupt essential services, and even trigger cascading effects across other institutions.

The IMF report warns of severe cyber incidents that could precipitate market sell-offs or bank runs. Although the industry has yet to witness a significant “cyber run,” evidence suggests that cyberattacks have led to modest yet persistent deposit withdrawals from smaller US banks.

Beyond Financial Losses: The Broader Economic Impact

Cyberattacks cause financial losses and pose a threat to national security. Incidents impairing critical services, such as payment networks, can have far-reaching economic consequences.

For instance, a cyberattack in December at the Central Bank of Lesotho severely disrupted the national payment system, hampering transactions by domestic banks and illustrating the potential for widespread economic disruption.

Moreover, financial firms’ increasing reliance on third-party service providers introduces additional vulnerabilities. The interconnected nature of these relationships means that a breach in one entity can have a domino effect, affecting multiple institutions and services.

As the digital landscape continues to evolve, the IMF’s report serves as a stark reminder of the urgent need for enhanced cybersecurity measures.

The financial sector, in particular, must bolster its defenses to safeguard against the ever-growing threat of cyberattacks, which pose a significant risk not only to individual institutions but to global financial stability and economic well-being.

Ian Harrigan, director and co-founder of i-confidential, told Cyber Security News, “Banks are aware of their status as prize targets for adversaries, so they have responded to this threat by improving their defenses far beyond most industries. But despite this, the IMF is clearly concerned that more needs to be done.

In the last few months, we have witnessed third-party attacks against some of the world’s leading banks. American Express and Bank of America both announced customer data breaches following an attack on one of their suppliers. This highlights that even when banks take stringent measures to protect their own assets, this doesn’t make them immune to supply-chain attacks.  

Fortunately, both these attacks only impacted a limited number of customers. But, if a bank, or a group of banks, were to suffer a cyber attack where money, data, and systems were impacted, the IMF is right in saying this could erode confidence in the financial system. As a result, financial organizations must be at the forefront of defense.

“To combat supply-chain attacks, financial organizations must ensure they address the security fundamentals. This includes holding an inventory of all their suppliers, understanding each supplier’s inherent risk, assuring suppliers based on their classification or inherent risk, and, where suppliers need to remediate issues, following up to ensure they do. To bolster this, organisations should also consider how they and their third parties share information or connectivity while also ensuring they adopt good security practices.”

“Internally, banks must embed security into all their processes, where staff are regularly trained, security processes are adopted as standard, systems are kept up to date, security solutions are deployed, and legacy equipment is kept segregated from mission-critical network areas to avoid low hanging fruit for attackers.” Ian Harrigan said.

Secure your emails in a heartbeat! To find your ideal email security vendor, Take a Free 30-Second Assessment