Report: Financial Firms Lost $12 Billion Over Last Two Decades to Cyberattacks

According to the International Monetary Fund (IMF), the financial sector has suffered significant losses due to cyberattacks over the last twenty years. These attacks, totaling over 20,000 incidents, have resulted in more than $12 billion in financial losses. The IMF's April 2024 Global Financial Stability Report highlights a concerning trend of cyber intrusions targeting financial firms, particularly banks, which has led to an increased risk of substantial losses.

The report emphasizes that these losses, which have more than quadrupled since 2017, could potentially disrupt funding for companies and even threaten their solvency. Additionally, indirect losses such as reputational damage or expenses related to security upgrades are noted to be considerably higher. Financial institutions are frequent targets for cybercriminals, who aim to steal money or disrupt economic activities, posing a threat to the stability of the financial system.

The IMF warns of the potential consequences of cyberattacks undermining the credibility of the financial system, including market sell-offs and bank runs. While significant cyber runs have not yet been observed, minor deposit outflows have occurred at smaller US banks following cyber incidents. The disruption of critical services, such as payment networks, can severely impact economic activity, as demonstrated by the attack on the Central Bank of Lesotho, which disrupted the national payment system.

The reliance on third-party IT services and the increasing use of AI (artificial intelligence) introduce additional risks to financial institutions, including outages caused by ransomware attacks and AI-related data leaks. The IMF stresses the importance of adapting policies and governance frameworks to address the growing cyber risks in the financial sector. Effective regulations, national cybersecurity strategies, cybersecurity assessments, and incident reporting prioritization are highlighted as essential measures to mitigate these risks.

International collaboration is deemed crucial in combating cyber threats, given that attacks often originate from outside a country's borders. The IMF's warning follows recent news of cyberattacks on IMF email accounts in February 2024, underscoring the urgency of addressing cybersecurity vulnerabilities in the financial industry.