IMF’s Lagarde: Estimating Cyber Risk for the Financial Sector

IMF Managing Director Christine Lagarde delivers remarks to the media during a press conference regarding the IMF’s loan for Argentina in the form of a Stand-By Arrangement on Wednesday, June 20 at IMF Headquarters in Washington, D.C. Ryan Rayburn/IMF Photo

This story is brought to you in association with the International Monetary Fund

Written by Christine Lagarde, IMF’s Managing Director

Average annual losses to financial institutions from cyber-attacks could reach a few hundred billion dollars a year (photo: Eti Ammos/iStock by Getty Images)

Cyber risk has emerged as a significant threat to the financial system. An IMF staff modeling exercise estimates that average annual losses to financial institutions from cyber-attacks could reach a few hundred billion dollars a year, eroding bank profits and potentially threatening financial stability.

Recent cases show that the threat is real. Successful attacks have already resulted in data breaches in which thieves gained access to confidential information, and fraud, such as the theft of $500 million from the Coincheck cryptocurrency exchange. And there is the threat that a targeted institution could be left unable to operate.

Not surprisingly, surveys consistently show that risk managers and other executives at financial institutions worry most about cyber-attacks, as in the graphic below.

Financial sector’s vulnerability

The financial sector is particularly vulnerable to cyber-attacks. These institutions are attractive targets because of their crucial role in intermediating funds. A successful cyber-attack on one institution could spread rapidly through the highly interconnected financial system. Many institutions still use older systems that might not be resilient to cyber-attacks. And a successful cyber-attack can have direct material consequences through financial losses as well as indirect costs such as diminished reputation.

Recent high-profile cases have increasingly put cyber risk on the agenda of the official sector—including international organizations. However, quantitative analysis of cyber risk is still at an early stage, especially due to the lack of data on the cost of cyber-attacks, and difficulties in modeling cyber risk.

A recent IMF study provides a framework for thinking about potential losses due to cyber-attacks with a focus on the financial sector.

Estimating potential losses

The modeling framework uses techniques from actuarial science and operational risk measurement to estimate aggregate losses from cyber-attacks. This requires an assessment of the frequency of cyber-attacks on financial institutions and an idea of the distribution of losses from such events. Numerical simulations can then be used to estimate the distribution of aggregate cyber-attack losses.

We illustrate our framework using a data set covering recent losses due to cyber-attacks in 50 countries. This provides an example of how potential losses for financial institutions could be estimated. The exercise is difficult and is made even more challenging by major data gaps on cyber risk. Moreover, thankfully, there has not yet been a successful, large-scale cyber-attack on the financial system.

Our results should thus be considered as illustrative. Taken at face value, they suggest that average annual potential losses from cyber-attacks may be large, close to 9 percent of banks’ net income globally, or around $100 billion. In a severe scenario—in which the frequency of cyber-attacks would be twice as high as in the past with greater contagion—losses could be 2½–3½ times as high as this, or $270 billion to $350 billion.

The framework could be used to examine extreme risk scenarios involving massive attacks. The distribution of the data we have collected suggests that in such scenarios, representing the worst 5 percent of cases, average potential losses could reach as high as half of banks’ net income, putting the financial sector at risk.

Such estimated losses are several orders of magnitude greater than the present size of the cyber insurance market. Despite recent growth, the insurance market for cyber risk remains small with around $3 billion in premiums globally in 2017. Most financial institutions do not even carry cyber insurance. Coverage is limited, and insurers face challenges in evaluating risk because of uncertainty about cyber exposures, lack of data, and possible contagion effects.
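The frequency-and-severity simulation described in this section can be sketched as follows. This is an added example, not the IMF study's code: the Poisson attack count, the lognormal loss size, and every parameter value are assumptions constructed for illustration, in arbitrary loss units.

```python
import math
import random

def poisson(rng, lam):
    """Draw an event count with Knuth's method (fine for small rates)."""
    limit, k, p = math.exp(-lam), 0, 1.0
    while True:
        p *= rng.random()
        if p <= limit:
            return k
        k += 1

def simulate_annual_losses(rate, mu, sigma, years, seed):
    """Aggregate loss per simulated year: sum of that year's lognormal severities."""
    rng = random.Random(seed)
    return [
        sum(rng.lognormvariate(mu, sigma) for _ in range(poisson(rng, rate)))
        for _ in range(years)
    ]

def summarize(losses, tail=0.05):
    """Return (mean loss, mean of the worst `tail` share of simulated years)."""
    ordered = sorted(losses)
    worst = ordered[int(len(ordered) * (1 - tail)):]
    return sum(ordered) / len(ordered), sum(worst) / len(worst)

# Constructed parameters in arbitrary loss units, not IMF estimates.
BASE_RATE, MU, SIGMA, YEARS = 3.0, 0.0, 1.0, 20000

def run_scenarios(seed=1):
    base = summarize(simulate_annual_losses(BASE_RATE, MU, SIGMA, YEARS, seed))
    # Severe scenario: attack frequency doubled (contagion is not modeled here).
    severe = summarize(simulate_annual_losses(2 * BASE_RATE, MU, SIGMA, YEARS, seed))
    return {"baseline": base, "severe": severe}

if __name__ == "__main__":
    for name, (mean, tail_mean) in run_scenarios().items():
        print(f"{name:9s} mean={mean:6.2f}  worst-5% mean={tail_mean:6.2f}")
```

With real incident data, the rate and severity parameters would be fitted rather than chosen, and the tail average is the figure that corresponds to the "worst 5 percent of cases" discussed above.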

The way forward

There is much scope to improve risk assessments. Government collection of more granular, consistent, and complete data on the frequency and impact of cyber-attacks would help assess risk for the financial sector. Requirements to report breaches—such as those considered under the EU’s General Data Protection Regulation—should improve knowledge of cyber-attacks. Scenario analysis could be used to develop a comprehensive assessment of how cyber-attacks could spread and to design adequate responses by private institutions and governments.

Further work is also needed to understand how to strengthen the resilience of financial institutions and infrastructures, both to reduce the odds of a successful cyber-attack and to facilitate smooth and rapid recovery. There is also a need to build capacity in the official sector in many parts of the world to monitor and regulate such risks.

In sum, strengthening the regulatory and supervisory frameworks for cyber risk is needed, and efforts should focus on effective supervisory practices, realistic vulnerability and recovery testing, and contingency planning. The IMF is providing technical assistance to help member countries improve their regulatory and supervisory frameworks.
