4th Platform logo white
Image of finance department

Cyberattacks with ‘systemic consequences’ have risen, according to the IMF

This is a result of greater digitalisation and heightened geopolitical tensions

In a report by the IMF (International Monetary Report), “Cyberattacks have more than doubled since the pandemic.”

Companies have suffered “modest” direct losses from cyberattacks in the past but in the last few years, the attacks have taken a heavier toll, the IMF claims.

You can read the full report here

Why are there vulnerabilities in the industry?

The financial sector is vulnerable to cyberattacks because of the amount of sensitive data and transactions it handles.

A spokesperson from the IMF said: “Incidents in the financial sector could threaten financial and economic stability if they erode confidence in the financial system, disrupt critical services, or cause spillovers to other institutions.

“For example, a severe incident at a financial institution could undermine trust and, in extreme cases, lead to market selloffs or runs on banks. Although no significant “cyber runs” have occurred thus far, our analysis suggests modest and somewhat persistent deposit outflows have occurred at smaller US banks after a cyberattack.

“Cyber incidents that disrupt critical services like payment networks could also severely affect economic activity. For example, a December attack at the Central Bank of Lesotho disrupted the national payment system, preventing transactions by domestic banks.”

The security of the financial sector is also threatened by the rise of “third-party IT service providers and may do so even more with the emerging role of artificial intelligence.”

IMF continues: “Such external providers can improve operational resilience, but also expose the financial industry to systemwide shocks. For example, a 2023 ransomware attack on a cloud IT service provider caused simultaneous outages at 60 US credit unions.

“With the global financial system facing significant and growing cyber risks from increasing digitalization and geopolitical tensions, as shown in the chapter, policies and governance frameworks at firms must keep pace.

“Because private incentives may be insufficient to address cyber risks—for example, firms may not fully account for the systemwide effects of incidents—public intervention may be necessary.”

Scroll to Top