SECURING FINANCIAL SERVICES
26th January, 2023 • Park Plaza Victoria, London, UK
War, a winter energy crisis and economic headwinds spell trouble. Banks are on the frontline.
Cyber losses rising, more to come
According to the BIS, most central banks believe that the loss in percent of annual GDP that could result from a systemically relevant cyber attack on a financial institution, could be between 5% and 10%. That is an astonishing number and reflects the extent to which the financial sector provides critical infrastructure to nation states.
Banks themselves report that losses from cyber attacks have increased in 2020-21, relative to the pre-pandemic era. Asked, “By how much do you think have annual losses from cyber attacks increased in 2020-21 in your financial sector, relative to the pre-pandemic period?” around 30% of institutions in advanced economies said that losses were up by more than 20%.
These are worrying figures because we have yet to see the full effects of the war in Ukraine and the economic stresses caused by disruptions to global markets and by rising interest rates. Cyber attacks on banks actually fell at the start of the Ukraine conflict as hackers on both sides focused on enemies closer to home. That is changing and Western infrastructure is now a target.
Closer to home, economic stress increases cyber risks on both sides: economically motivated hackers maximise their attempts a profitability in tougher markets; but also, economically stressed insiders are more motivated to become malicious and may also be less focused on maintaining security hygiene.
So, what type of cyber incidents does result in the largest monetary losses for financial institutions right now? Advanced persistent malware and ransomware attacks rank highest, with supply chain attacks also mentioned prominently. In general, denial of service attacks are deemed to be the least costly type of attack.
In response to the rising frequency and severity of cyber incidents, respondents to the BIS survey state that financial institutions should prioritize their investments in cyber security towards training staff on cyber security, ensuring that business continuity is maintained, and managing their external dependencies.
This doesn’t seem enough. Given these increased losses and the potential for significant hits to GDP, how should banks be strengthening their cyber defences at a time when geopolitical tensions make attacks on CNI ever more likely?