IMF Urges Strengthening Of Cybersecurity Measures Amid Threat To Global Financial Stability

The International Monetary Fund (IMF) has raised concerns over the rising threat of cyber-attacks on global financial stability.

The multilateral institution pointed out that the number of cyber-related incidents have become much more frequent over the past two decades, and especially since the COVID-19 pandemic.

In its April 2024 Global Financial Stability Report, the multilateral lender observed that since 2020, the aggregated reported direct losses from cyber incidents have amounted to almost $28 billion (in real terms), with billions of records stolen or compromised.

It added that total direct and indirect costs of these incidents, however, are most likely substantially higher.

According to the report, most direct reported losses from cyberattacks are small, around $0.5 million, but the risk of extreme losses—at least as large as $2.5 billion, has increased.

The report identified some contributory factors to rising cyber incidents, including rapidly growing digital connectivity—accelerated by the COVID-19 pandemic, increasing dependence on technology and financial innovation, as well as geopolitical tensions, considering the surge of cyberattacks after Russia’s invasion of Ukraine in February 2022

Noting that the financial sector was highly exposed to cyber risks, with nearly one-fifth of all incidents affecting financial firms.

While companies have historically suffered relatively modest direct losses from cyberattacks, some have experienced a much heavier toll, citing the US credit reporting agency, Equifax, which paid over $1 billion in penalties after a major data breach in 2017 that affected about 150 million consumers.

It stressed that although cyber incidents have so far not been systemic, severe incidents at major financial institutions could pose an acute threat to macro-financial stability through a loss of confidence, the disruption of critical services, and because of technological and financial interconnectedness.

With the global financial system facing significant and growing cyber risks from increasing digitalisation and geopolitical tensions, the report proffered some measures to address cyber incidents.

Among others, it recommended that reporting of cyber incidents by financial firms to supervisory agencies should be strengthened to allow for more effective monitoring of cyber risks.

It also canvassed that cyber legislation at the national level and better cyber-related governance arrangements at firms can help

reduce the frequency of cyber incidents.

According to the report, because private incentives may be insufficient to address cyber risks—for example, firms may not fully account for the system-wide effects of an incident, adding that public intervention may be necessary.

According to a recent IMF survey of central banks and supervisory authorities, cybersecurity policy frameworks, especially in emerging markets and developing economies, often remain insufficient.

For example, only about half of countries surveyed had a national, financial sector-focused cybersecurity strategy or dedicated cybersecurity regulations.

To strengthen resilience in the financial sector, it urged authorities to develop an adequate national cybersecurity strategy accompanied by effective regulation and supervisory capacity that should be all- encompassing.

Other measures include periodic assessment of the cybersecurity landscape and identifying potential systemic risks from interconnectedness and concentrations, including from third-party service providers; encouraging cyber “maturity” among financial sector firms, including board-level access to cybersecurity expertise.

It equally noted the necessity of prioritising data reporting and collection of cyber incidents, and sharing information among financial sector participants to enhance their collective preparedness.

The report further observed that as attacks often emanate from outside a financial firm’s home country and proceeds can be routed across borders, international cooperation is imperative to address cyber risks successfully.

Also noting that while cyber incidents could occur, it pointed out that the financial sector needs the capacity to deliver critical business services during these disruptions. To this end, financial firms should develop, and test, response and recovery procedures and national authorities should have effective response protocols and crisis management frameworks in place, it stated.

Ndubuisi Francis 

Follow us on: