IMF’s Lagarde: Estimating Cyber Risk for the Financial Sector

IMF Managing Director Christine Lagarde delivers remarks to the media during a press conference regarding the IMF’s loan for Argentina in the form of a Stand-By Arrangement on Wednesday, June 20 at IMF Headquarters in Washington, D.C. Ryan Rayburn/IMF Photo

This story is brought to you in association with the International Monetary Fund

Written by Christine Lagarde, IMF’s Managing Director

Average annual losses to financial institutions from cyber-attacks could reach a few hundred billion dollars a year (photo: Eti Ammos/iStock by Getty Images)

Cyber risk has emerged as a significant threat to the financial system. An IMF staff modeling exercise estimates that average annual losses to financial institutions from cyber-attacks could reach a few hundred billion dollars a year, eroding bank profits and potentially threatening financial stability.

Recent cases show that the threat is real. Successful attacks have already resulted in data breaches in which thieves gained access to confidential information, and fraud, such as the theft of $500 million from the Coincheck cryptocurrency exchange. And there is the threat that a targeted institution could be left unable to operate.

Not surprisingly, surveys consistently show that risk managers and other executives at financial institutions worry most about cyber-attacks, as in the graphic below.

Financial sector’s vulnerability

The financial sector is particularly vulnerable to cyber-attacks. These institutions are attractive targets because of their crucial role in intermediating funds. A successful cyber-attack on one institution could spread rapidly through the highly interconnected financial system. Many institutions still use older systems that might not be resilient to cyber-attacks. And a successful cyber-attack can have direct material consequences through financial losses as well as indirect costs such as diminished reputation.

Recent high-profile cases have increasingly put cyber risk on the agenda of the official sector—including international organizations. However, quantitative analysis of cyber risk is still at an early stage, especially due to the lack of data on the cost of cyber-attacks, and difficulties in modeling cyber risk.

Cyber risk has emerged as a significant threat to the financial system.

A recent IMF study provides a framework for thinking about potential losses due to cyber-attacks with a focus on the financial sector.

Estimating potential losses

The modeling framework uses techniques from actuarial science and operational risk measurement to estimate aggregate losses from cyber-attacks. This requires an assessment of the frequency of cyber-attacks on financial institutions and an idea of the distribution of losses from such events. Numerical simulations can then be used to estimate the distribution of aggregate cyber-attack losses.

We illustrate our framework using a data set covering recent losses due to cyber-attacks in 50 countries. This provides an example of how potential losses for financial institutions could be estimated. The exercise is difficult and is made even more challenging by major data gaps on cyber risk. Moreover, thankfully, there has yet been no successful, large-scale cyber-attack on the financial system.

Our results should thus be considered as illustrative. Taken at face value, they suggest that average annual potential losses from cyber-attacks may be large, close to 9 percent of banks’ net income globally, or around $100 billion. In a severe scenario—in which the frequency of cyber-attacks would be twice as high as in the past with greater contagion— losses could be 2½–3½ times as high as this, or $270 billion to $350 billion.

The framework could be used to examine extreme risk scenarios involving massive attacks. The distribution of the data we have collected suggests that in such scenarios, representing the worst 5 percent of cases, average potential losses could reach as high as half of banks’ net income, putting the financial sector at risk.

Such estimated losses are several orders of magnitude greater than the present size of the cyber insurance market. Despite recent growth, the insurance market for cyber risk remains small with around $3 billion in premiums globally in 2017. Most financial institutions do not even carry cyber insurance. Coverage is limited, and insurers face challenges in evaluating risk because of uncertainty about cyber exposures, lack of data, and possible contagion effects.

The way forward

There is much scope to improve risk assessments. Government collection of more granular, consistent, and complete data on the frequency and impact of cyber-attacks would help assess risk for the financial sector. Requirements to report breaches—such as considered under the EU’s General Data Protection Regulation—should improve knowledge of cyber-attacks. Scenario analysis could be used to develop a comprehensive assessment of how cyber-attacks could spread and design adequate responses by private institutions and governments.

Further work is needed also to understand how to strengthen the resilience of financial institutions and infrastructures, both to reduce the odds of a successful cyber-attack but also to facilitate smooth and rapid recovery. There is also a need to build capacity in the official sector in many parts of the world to monitor and regulate such risks.

In sum, strengthening the regulatory and supervisory frameworks for cyber risk is needed, and efforts should focus on effective supervisory practices, realistic vulnerability and recovery testing, and contingency planning. The IMF is providing technical assistance to help member countries improve their regulatory and supervisory frameworks.

Advertising

Advertising

Advertising

Advertising

Advertising

Advertising

Advertising

Advertising

Advertising

Advertising

Advertising

Advertising

Advertising

Featured Stings

Schengen is losing ground fast revealing Europe’s clear inability to deal with migration crisis

Agriculture and Fisheries Council

European Commission presents comprehensive approach for the modernisation of the World Trade Organisation

Bram in Colombia

The Commission sees ‘moderate recovery’ but prospects deteriorate

Look Mom, even the House of Lords says the #righttobeforgotten is not right

EU’s Finance Ministers draft plan to raise tax bills of online giants like Google and Amazon

FROM THE FIELD: A UN peacekeepers-eye view of DR Congo

End ‘cycle of violence’ in Gaza, UN deputy chief tells forum on Palestine

AIESEC Vlog

The Next Web 2014, the biggest European conference on Internet so far and the Absence of Brussels from Amsterdam

The challenges of mental health among the Syrian medical students

European tourism remains a strong growth factor

Britain heading to national schism on exit from EU

Google case: A turning point in competition rules enforcement

The Sichuan Province of China presents its cultural treasure to the EU

YOUTH RIGHTS AT RISK FROM RISE OF EXTREME-RIGHT AND POPULISTS IN THE EUROPEAN PARLIAMENT

Lagarde’s metamorphoses, not a laughing matter

The EU spent €158 billion on vague, open-ended rural projects

Eurozone guarantees all banks with…taxpayers’ money

Trump’s trade war splits the EU; Germany upset with Juncker’s “we can be stupid too”

#Travelgoals: why Instagram is key to understanding millennial tourism

More than just a phone: mobile’s impact on sustainable development

IFMSA and IPSF on the Health of Migrants and Refugees

Connectivity and collaboration in the ICT industry: the key to socio-economic development

Parliament to ask for the suspension of EU-US deal on bank data

Alexandre in Czech Republic

Belgium: Youth Forum takes legal step to ban unpaid internships

Europe united in not supporting a US attack on Syria

Cocaine and opium production worldwide hit ‘absolute record highs’ – major threat to public health says UN study

Why will Paris upcoming “loose” climate change agreement work better than the previous ones?

Summer JADE Meeting 2015: We came curious, we left inspired

Why cities hold the key to safe, orderly migration

Prevention is key to ‘breaking the cycle of HIV transmission’, UN chief tells General Assembly

UN rights chief calls for international inquiry into Kashmir violations

Tax reforms accelerating with push to lower corporate tax rates

At global health forum, UN officials call for strong, people-focused health systems

2014 budget: The EU may prove unable to agree on own resources

Who may profit from the rise of the extreme right in the West?

NATO summit, Brussels, 11-12/07/2018

Galileo and EGNOS programmes back in orbit powered with €70 billion

The G7 adopted dangerous views about Ukraine and Greece

Businesses succeed internationally

UN agency warns conditions around Yemen’s key port city of Hudaydah still ‘very bad’, as staff rush to deliver aid

Russia – US in Syria: Selling Afrin to Turkey but facing off ruthlessly for Ghouta

GSMA Mobile 360 Series – MENA in Dubai, in Association with The European Sting

India’s agro-food sector has made strong progress, but a new policy approach is needed to meet future challenges, says new report by OECD and ICRIER

The opportunity of studying Medicine abroad

Journey of my life

ECB: Reaching the limits of its mandate to revive the Eurozone economy

COP21 Breaking News_03 December: Argentina Accepts KP Amendment

European Youth Forum warns of a Peter Pan generation as a result of financial crisis and response to it

Cancer research put at risk by General Data Protection Regulation? The possible dangers of a data privacy EU mania

Trump enrages the Europeans and isolates the US in G7

The EU Parliament slams Commission on economic governance

Torture is unacceptable and unjustified ‘at all times’ underscore top UN officials

EU Budget: InvestEU Programme to support jobs, growth and innovation in Europe

Senior UN children’s advocate says they ‘should never be targeted by violence’

A new global financial crisis develops fast; who denies it?

The great challenge of the 21st century is learning to consume less. This is how we can do it

More Stings?

Speak your Mind Here

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s