Global: IMF Report Reveals $12 Billion Lost by Financial Institutions to Cyberattacks in Two Decades

The International Monetary Fund (IMF) has reported that financial institutions globally have suffered losses totaling $12 billion due to cyberattacks over the past 20 years. This finding was highlighted in the IMF’s recent publication, the ‘Global Financial Stability Report, April 2024’. Notably, $2.5 billion of these losses occurred since 2020.

The report emphasizes the high susceptibility of the financial sector to cyber threats. It noted that around 20% of cyber incidents in the last two decades have targeted the financial industry, with banks being the most common victims, followed by insurance companies and asset managers.

The IMF’s analysis reveals that financial firms have faced substantial direct financial losses, accumulating nearly $12 billion in losses since 2004, with $2.5 billion of that total coming in the last four years alone.

According to the IMF, financial institutions in advanced economies, especially those in the United States, are more vulnerable to cyber threats compared to their counterparts in emerging markets and developing countries. The report uses the example of JP Morgan Chase, the largest bank in the US, which experiences around 45 billion cyber events daily. Despite spending $15 billion annually on cybersecurity and employing 62,000 technologists, many of whom are dedicated to combating cyber threats, the risks remain significant.

The IMF warns that cyber incidents pose crucial operational risks that could compromise the operational resilience of financial institutions and impact macroeconomic stability. It outlines three major channels through which a cyber incident can propagate macro-financial instability: loss of consumer and investor confidence, the absence of alternatives for the affected services, and the high degree of interconnectedness within the financial system.

In light of these findings, the IMF urges central banks and regulatory authorities worldwide to develop robust national cybersecurity strategies, bolstered by effective regulations and adequate supervisory frameworks to mitigate these risks.