In June the International Monetary Fund (IMF) warned that cyberattacks pose a significant threat to the financial system, and could potentially be costing banks up to $100 billion a year.
In a report released this week, the IMF revealed it had recently run a modelling exercise to evaluate the cyber threat facing banks today. In its 29-page report, entitled ‘Cyber Risk for the Financial Sector: A Framework for Quantitative Assessment’, the authors analyzed the different types of cyber incidents (data breaches, fraud occurrences and business disruptions) and identified patterns of behavior using a variety of datasets.
Revealing that banks remained attractive targets to criminals given their role as intermediaries routinely moving huge sums of money, the IMF said that such attacks currently cost banks up to 9% of their net income globally, or around $100 billion a year. The group warned that the damage could run as high as 50% of profits, and said that a targeted institution could ultimately be rendered unable to operate if hit by a ‘massive’ or ‘sophisticated’ attack.
“Cyber risk has emerged as a significant threat to the financial system,” reads the report. “An IMF staff modeling exercise estimates that average annual losses to financial institutions from cyber-attacks could reach a few hundred billion dollars a year, eroding bank profits and potentially threatening financial stability.”
“A successful cyber-attack on one institution could spread rapidly through the highly interconnected financial system,” added the report, which did qualify its findings by saying that “thankfully, there has yet been no successful, large-scale cyberattack on the financial system.”
Moving forward, the IMF says that banks should focus on strengthening the regulatory and supervisory frameworks for cyber risk, and also encouraged these organizations to focus on effective supervisory practices, realistic vulnerability and recovery testing, and contingency planning.
The IMF also said that banks should work closely with governments on sharing data, adding that the recently introduced General Data Protection Regulation (GDPR), which makes breach disclosure mandatory for organizations operating in Europe, could be a positive thing.
No Great Surprises, but Fodder for Change in the Boardroom
While some may raise their eyebrows at the large figures cited here, in many respects the IMF’s report comes as no great surprise. After all, the recent SWIFT attacks illustrate how a centralized banking system can be compromised, and affect a large number of entities. Just look at the Bangladesh Central Bank, which lost $81 million from such a heist in 2016.
However, the report is a useful resource for CIOs, CISOs and their teams because it clearly illustrates the security dangers organizations face, and in terminology business leaders can understand: money. In short, if you want the CEO to care about what the CISO is saying, that CISO should highlight how intrusions could impact not only business operations, but also bottom lines. Then you may see these leaders begin to drive proactive investment in their digital security defenses, whereas the unfortunate (ironic) norm is for this to come after an incident occurs. JP Morgan spent almost half a billion on security operations in one year – but only after its 2014 data breach, for example.
Don’t wait until it’s too late. Trusted Knight is dedicated to helping banks and online merchants prevent digital fraud. The solution pays for itself in proven fraud loss reduction.