IMF’s Lagarde: Estimating Cyber Risk for the Financial Sector

IMF Managing Director Christine Lagarde delivers remarks to the media during a press conference regarding the IMF’s loan for Argentina in the form of a Stand-By Arrangement on Wednesday, June 20 at IMF Headquarters in Washington, D.C. Ryan Rayburn/IMF Photo

This story is brought to you in association with the International Monetary Fund

Written by Christine Lagarde, IMF’s Managing Director

Average annual losses to financial institutions from cyber-attacks could reach a few hundred billion dollars a year (photo: Eti Ammos/iStock by Getty Images)

Cyber risk has emerged as a significant threat to the financial system. An IMF staff modeling exercise estimates that average annual losses to financial institutions from cyber-attacks could reach a few hundred billion dollars a year, eroding bank profits and potentially threatening financial stability.

Recent cases show that the threat is real. Successful attacks have already resulted in data breaches in which thieves gained access to confidential information, and fraud, such as the theft of $500 million from the Coincheck cryptocurrency exchange. And there is the threat that a targeted institution could be left unable to operate.

Not surprisingly, surveys consistently show that risk managers and other executives at financial institutions worry most about cyber-attacks, as in the graphic below.

Financial sector’s vulnerability

The financial sector is particularly vulnerable to cyber-attacks. These institutions are attractive targets because of their crucial role in intermediating funds. A successful cyber-attack on one institution could spread rapidly through the highly interconnected financial system. Many institutions still use older systems that might not be resilient to cyber-attacks. And a successful cyber-attack can have direct material consequences through financial losses as well as indirect costs such as diminished reputation.

Recent high-profile cases have increasingly put cyber risk on the agenda of the official sector—including international organizations. However, quantitative analysis of cyber risk is still at an early stage, especially due to the lack of data on the cost of cyber-attacks, and difficulties in modeling cyber risk.

Cyber risk has emerged as a significant threat to the financial system.

A recent IMF study provides a framework for thinking about potential losses due to cyber-attacks with a focus on the financial sector.

Estimating potential losses

The modeling framework uses techniques from actuarial science and operational risk measurement to estimate aggregate losses from cyber-attacks. This requires an assessment of the frequency of cyber-attacks on financial institutions and an idea of the distribution of losses from such events. Numerical simulations can then be used to estimate the distribution of aggregate cyber-attack losses.

We illustrate our framework using a data set covering recent losses due to cyber-attacks in 50 countries. This provides an example of how potential losses for financial institutions could be estimated. The exercise is difficult and is made even more challenging by major data gaps on cyber risk. Moreover, thankfully, there has yet been no successful, large-scale cyber-attack on the financial system.

Our results should thus be considered as illustrative. Taken at face value, they suggest that average annual potential losses from cyber-attacks may be large, close to 9 percent of banks’ net income globally, or around $100 billion. In a severe scenario—in which the frequency of cyber-attacks would be twice as high as in the past with greater contagion— losses could be 2½–3½ times as high as this, or $270 billion to $350 billion.

The framework could be used to examine extreme risk scenarios involving massive attacks. The distribution of the data we have collected suggests that in such scenarios, representing the worst 5 percent of cases, average potential losses could reach as high as half of banks’ net income, putting the financial sector at risk.

Such estimated losses are several orders of magnitude greater than the present size of the cyber insurance market. Despite recent growth, the insurance market for cyber risk remains small with around $3 billion in premiums globally in 2017. Most financial institutions do not even carry cyber insurance. Coverage is limited, and insurers face challenges in evaluating risk because of uncertainty about cyber exposures, lack of data, and possible contagion effects.

The way forward

There is much scope to improve risk assessments. Government collection of more granular, consistent, and complete data on the frequency and impact of cyber-attacks would help assess risk for the financial sector. Requirements to report breaches—such as considered under the EU’s General Data Protection Regulation—should improve knowledge of cyber-attacks. Scenario analysis could be used to develop a comprehensive assessment of how cyber-attacks could spread and design adequate responses by private institutions and governments.

Further work is needed also to understand how to strengthen the resilience of financial institutions and infrastructures, both to reduce the odds of a successful cyber-attack but also to facilitate smooth and rapid recovery. There is also a need to build capacity in the official sector in many parts of the world to monitor and regulate such risks.

In sum, strengthening the regulatory and supervisory frameworks for cyber risk is needed, and efforts should focus on effective supervisory practices, realistic vulnerability and recovery testing, and contingency planning. The IMF is providing technical assistance to help member countries improve their regulatory and supervisory frameworks.

Advertising

Advertising

Advertising

Advertising

Advertising

Advertising

the European Sting Milestones

Featured Stings

Stopping antimicrobial resistance would cost just USD 2 per person a year

Parlamentarians to “break up” with reality in the Google antitrust case

EU’s guidelines on net neutrality see the light although grey areas do remain

The US banks drive the developing world to a catastrophe

“Health and environment first of all”, EU says with forced optimism after 7th round of TTIP talks

Germany readies to pay for the Brexit gap in EU finance

China Unlimited Special Report: The trip to China

COP21 Breaking News_03 December: UNFCCC Secretariat Launches Forest Information Hub

Time to be welcome: Youth work and integration of young refugees

EU to negotiate an FTA with Japan

Ukrainian civil war: Is this the beginning of the end or the end of the beginning?

Turkey to let EU alone struggle with the migrant crisis while enhancing its economic ties with Russia instead?

IQ scores have been falling for decades, new study finds

“As German Chancellor I want to be able to cope with the merger of the real and digital economy”, Angela Merkel from Switzerland; the Sting reports live from World Economic Forum 2015 in Davos

EU-Turkey relations: Will Turkey manage to revive the EU accession process talks?

Armenia should take vigorous measures against entrenched corruption

Virtual Doctor: a core part of modern healthcare?

‘Jerusalem is not for sale’ Palestinian President Abbas tells world leaders at UN Assembly

G20 LIVE: G20 Leaders’ Communiqué Antalya Summit, 15-16 November 2015

Eurozone: Inflation plunge to 0.4% in July may trigger cataclysmic developments

World response to AIDS epidemic at a ‘critical juncture’

On International Youth Day the European Youth Forum calls for true youth participation

Time is running out to protect Africa’s forests

EU Commission: Growth first then fiscal consolidation

Plastic Oceans: MEPs back EU ban on polluting throwaway plastics by 2021

Chinese economy to raise speed and help the world grow

Why social working cultures are happier and more productive

Remembering Kofi Annan

Half of all mental illness begins by the age of 14

EU to increase spending and improve delivery of education in emergencies and protracted crises

An alternative view of Globalization 4.0, and how to get there

UN says ‘many humanitarian achievements’, one year after ouster of ISIL from Mosul

The movement of anti-vaccers: taking humanity back 200 years

Apple’s tax avoidance scheme remains as creative as their new iPhone

Europe turns out more jobs this summer

Politics still matter in the US but not in Europe

Mali: Presidential elections critical to consolidate democracy, says UN peacekeeping chief

Youth and Participation: are the people rising up in Spain? 


Legal Manager – 2050

How to provide health education and thus create better health systems

Road injuries leading cause of death for the young, despite safety gains: UN report

UN condemns ‘heinous’ suicide attack on education centre in Afghanistan

The shrinking Arctic ice protects us all. It’s time to act

New skills needed for medical students in Industry 4.0

Transition between education and employment: how the internship culture is threatening the foundations of our education

Eurozone: Retail sales and inflation point to recession

Why do medical curricula shouldn’t neglect the Sustainable Development Goals

Why medicine is relevant to the battle against climate change

Fisheries: Commission proposes measures to conserve stocks of deep-sea species in the North-East Atlantic

Syria: Guterres concerned over reported attacks in Idlib, calls for ‘full investigation’

Discovering Europe: Free EU rail pass for 18 year olds

Want a fairer society? This economist says he has the answer

The banks first to benefit from the new euro trillion ECB plans to print

These European countries produce the most plastic waste per person

Storms and snow in Lebanon worsen plight for Syrian refugees

Better protection against non-cash payment fraud

Can big events really go plastic-free? A water capsule made from seaweed may be the answer

‘Collective amnesia’ over causes of global financial crash – human rights expert

Superbugs: MEPs advocate further measures to curb use of antimicrobials

Why are the Balkans’ political leaders meeting in Geneva this week?

UN chief appoints Luis Alfonso de Alba as Special Envoy for the 2019 Climate Summit

More Stings?

Speak your Mind Here

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s