• Tuesday, May 21, 2024
businessday logo

BusinessDay

Cybersecurity policy framework remains insufficient, says IMF

10 African countries with the highest debts to IMF

The International Monetary Fund (IMF) has said that cybersecurity policy frameworks, especially in emerging markets and developing economies, often remain insufficient.

This was part of the IMF survey of central banks and supervisory authorities, as published in a blog titled ‘Rising Cyber Threats Pose Serious Concerns for Financial Stability’ by Fabio Natalucci, Mahvash S. Qureshi, Felix Suntheim.

Read also: Banks chief audit executives seek lenders collaboration on cybersecurity

“For example, only about half of countries surveyed had a national, financial sector-focused cybersecurity strategy or dedicated cybersecurity regulations,” the IMF said in a new blog post.

According to the IMF, cyberattacks have more than doubled since the pandemic. While companies have historically suffered relatively modest direct losses from cyberattacks, some have experienced a much heavier toll.

“As we show in a chapter of the April 2024 Global Financial Stability report, the risk of extreme losses from cyber incidents is increasing. Such losses could potentially cause funding problems for companies and even jeopardize their solvency. The size of these extreme losses has more than quadrupled since 2017 to $2.5 billion. And indirect losses like reputational damage or security upgrades are substantially higher.”

The financial sector is uniquely exposed to cyber risk. Financial firms—given the large amounts of sensitive data and transactions they handle—are often targeted by criminals seeking to steal money or disrupt economic activity. Attacks on financial firms account for nearly one-fifth of the total, of which banks are the most exposed.

To strengthen resilience in the financial sector, the Washington based IMF said authorities should develop an adequate national cybersecurity strategy accompanied by effective regulation and supervisory capacity.

According to the Fund, the strategy should encompass periodically assessing the cybersecurity landscape and identifying potential systemic risks from interconnectedness and concentrations, including from third-party service providers. Encouraging cyber “maturity” among financial sector firms, including board-level access to cybersecurity expertise, as supported by the chapter’s analysis which suggests that better cyber-related governance may reduce cyber risk.

It should also include improving cyber hygiene of firms—that is, their online security and system health (such as antimalware and multifactor authentication)—and training and awareness, prioritizing data reporting and collection of cyber incidents, and sharing information among financial sector participants to enhance their collective preparedness.

Read also: Kaspersky predicts shifts in industrial cybersecurity practices in 2024

As attacks often emanate from outside a financial firm’s home country and proceeds can be routed across borders, international cooperation is imperative to address cyber risk successfully.

According to the report, incidence in the financial sector could threaten financial and economic stability if they erode confidence in the financial system, disrupt critical services, or cause spillovers to other institutions.

For example, a severe incident at a financial institution could undermine trust and, in extreme cases, lead to market sell offs or runs on banks. “Although no significant “cyber runs” have occurred thus far, our analysis suggests modest and somewhat persistent deposit outflows have occurred at smaller US banks after a cyberattack.”

Cyber incidents that disrupt critical services like payment networks could also severely affect economic activity.