econintersect .com

FREE NEWSLETTER: Econintersect sends a nightly newsletter highlighting news events of the day, and providing a summary of new articles posted on the website. Econintersect will not sell or pass your email address to others per our privacy policy. You can cancel this subscription at any time by selecting the unsubscribing link in the footer of each email.

posted on 29 October 2017

Cyber Defense Must Be Global

from the International Monetary Fund

-- this post authored by Emanuel Kopp, Lincoln Kaffenberger, and Christopher Wilson

Cyberattacks on financial institutions are becoming more common and considerably more sophisticated. High-profile cases like the Equifax breach, which compromised the confidentiality of 143 million Americans’ credit information, and the theft of US$81 million from Bangladesh Bank, are just two examples of recent cyber breaches in the financial industry.

Today, cyber risk is a permanent threat to financial institutions and the proper functioning of the highly interconnected financial system. Banks of all sizes experience cyberattacks every day. Breaches of individual firms can cause adverse knock-on effects for other financial and nonfinancial firms and give rise to systemic risk, a new dimension of cyber risk that is little understood.

Our recent IMF Working Paper suggests that international organizations like the Bank for International Settlements, the Financial Stability Board, and the IMF can play a key role in supporting information sharing, designing coordinated policies, helping resolve disputes, and containing systemic risk.

Sophisticated attacks

Some of the most dangerous cyberattacks include attacks on money transfer and ATM operations, malicious software introduced into bank systems, destruction of files and hardware, and extortionary events that disrupt internal operations.

Yet with the current patchwork of national regulation and industry self-policing, comprehensive data are lacking, and the risk is likely underestimated.

Companies themselves contribute to the uncertainty because, fearing damage to their reputation or loss of business, they often withhold information about cyber events. In some cases, breaches are disclosed only months or years later.

Limits of security

How to manage such a broad and complex threat? Security measures such as firewalls, data encryption, training, and business continuity planning, while necessary, can be costly and may make it harder for a company to conduct routine business operations. Redesigning products or processes may help avoid risk, but new practices can introduce new vulnerabilities.

Firms can transfer risk to third parties such as insurance companies or outside cybersecurity vendors. But asymmetries and a lack of information among these players - and generally little experience with this kind of economic risk - limit the potential for the private sector to reduce cyber risk in the financial system. Firms typically underestimate their exposure to cyber risk and overestimate their ability to defend against it and the coverage provided by their cyber insurance policies. Compared with other insurable risks, cyber risk is not well understood, so insurance companies are pricing a cushion into premiums to account for uncertainty.

Systemic risk

These third parties may themselves become targets of hackers. And if only a few insurers or cybersecurity vendors are in the marketplace, this concentration could become a source of systemic risk throughout the financial system.

Systemic risk can also arise from concentration of information technology within the financial system, whose firms use common operating systems and programs, cloud servers, and electronic network hubs. Connections through interbank and transfer markets could allow shocks to spread quickly throughout the financial system. The popularity of cyber insurance policies has created a fast-growing market, but the continuing buildup of cyber risk in the insurance sector can itself become a systemic risk.

There is a clear role for the public sector to ensure that losses from cyberattacks do not give rise to systemic risk.

Regulatory agenda

National authorities should provide incentives to ensure that cyberattacks are reported promptly and accurately and that loss data are collected systematically. Because cyberattacks are criminal in nature, banking regulators should be able to coordinate rapidly with law enforcement agencies. And it’s essential that regulators have the ability and the authority to adapt their responses quickly as cyberthreats evolve.

Cyber risk has no geographical borders, and the threat is global, so the role of international institutions is crucial. The time has come for governments to consider a coordinated response to systemic cyber risk. International bodies like the Financial Stability Board and international forums like the Group of Seven are leading an effort to disseminate information among members and foster policy coordination among countries. They appear to be well placed to help address some of the informational and cross-border coordination challenges presented by systemic cyber risk.


>>>>> Scroll down to view and make comments <<<<<<

Click here for Historical News Post Listing

Make a Comment

Econintersect wants your comments, data and opinion on the articles posted. You can also comment using Facebook directly using he comment block below.

Econintersect Contributors

Print this page or create a PDF file of this page
Print Friendly and PDF

The growing use of ad blocking software is creating a shortfall in covering our fixed expenses. Please consider a donation to Econintersect to allow continuing output of quality and balanced financial and economic news and analysis.

Keep up with economic news using our dynamic economic newspapers with the largest international coverage on the internet
Asia / Pacific
Middle East / Africa
USA Government

 navigate econintersect .com


Analysis Blog
News Blog
Investing Blog
Opinion Blog
Precious Metals Blog
Markets Blog
Video of the Day


Asia / Pacific
Middle East / Africa
USA Government

RSS Feeds / Social Media

Combined Econintersect Feed

Free Newsletter

Marketplace - Books & More

Economic Forecast

Content Contribution



  Top Economics Site Contributor TalkMarkets Contributor Finance Blogs Free PageRank Checker Active Search Results Google+

This Web Page by Steven Hansen ---- Copyright 2010 - 2018 Econintersect LLC - all rights reserved