IMF says cyber attacks threaten financial stability

The International Monetary Fund (IMF) has warned the rising number of attacks on IT systems is threatening financial stability worldwide, with developing countries being particularly exposed.

Financial service organisations and banks are attacked more often than any other industry, IMF analysts and researchers said in a new report.

The sector is at risk from several types of attacks currently, including ransomware, business email compromise (BEC), phishing and social engineering but also disinformation and internet-disseminated nation state propaganda, IMF researchers said.

Successful cyber attacks can undermine financial stability by causing a loss of confidence in institutions if they suffer lengthy outages and data integrity is compromised, the 190-nation organisation said.

IMF cited the the Equifax data breach in 2017 as an example of loss of confidence.

Equifax lost over a third of its share market value following the announcement of the data breach, and competing credit reporting companies TransUnion and Experian stock fell by 13 percent and six percent respectively as well.

This year's distributed denial of service attack on the New Zealand stock exchange NZX network brought on trading halts due to a similar loss of confindence over market integrity concerns, IMF said.

This occurred despite the NZX trading systems remaining technically operational.

In such situations, investors and depositors could demand their funds returned, or attempt to cancel accounts, products and services they used.

Otherwise healthy financial institutions could be prevented from accessing their funds during cyber attacks, causing liquidity crises, IMF warned.

Compounding the financial stability concerns is the lack of easy substitution between providers of key services such as payments systems during cyber attacks.

Financial systems and technologies being interlinked is also a threat to stability, if for example a cyber attack calls into question the data integrity of a chain of transactions, the IMF said.

Interconnected technology could also exacerbate the risk of contagion from cyber attacks, within an economy as well as across borders.

Improving cyber security in the financial system should be a key public policy priority, IMF said.

Better information sharing is required, and also mapping of which technologies, services and connections are used between organisations in the financial sector.