Cyberattacks have more than doubled since the pandemic. While companies have historically suffered modest losses, some have reported more serious damages. The IMF’s Global Financial Stability Report (GFSR) which assesses key vulnerabilities the global financial system, highlighted that since 2020, the aggregated reported direct losses from cyber incidents have amounted to almost $28 billion (in real terms), with billions of records stolen or compromised. Total direct and indirect costs of these incidents, however, are most likely substantially higher. Estimates range from 1 to 10 percent of global GDP.
Recently Singapore has experienced an increase in cyber-attacks. In 2022 the Cybersecurity Agency of Singapore (CSA) reported 8,500 phishing attempts (banking, financial services and logistics sectors were most commonly spoofed) and 81,500 infected systems. And increased sophistication of cyber-criminals with AI-backed capabilities businesses are more vulnerable to these cyber threats. The Economist Intelligence Unit reported that the most common attacks that local businesses encounter are ransomware and data theft, primarily affecting MSMEs in the manufacturing and information technology sectors.Other sectors that are vulnerable to cyber-attacks are healthcare, telecommunications and hospitality. IMF pointed out that the financial sector is uniquely exposed to cyber risk. Financial firms—given the large amounts of sensitive data and transactions they handle. A severe incident at a financial institution could undermine trust and, in extreme cases, lead to market selloffs or runs on banks for example, a December attack at the Central Bank of Lesotho disrupted the national payment system.
According to an estimate of IMF financial sector has suffered more than 20,000 cyber attacks in the past 20 years amounting to over US$12 billion in losses. Banks and other financial systems rely on a variety of third party IT service providers, who can be susceptible to cyber attacks.
Strengthening financial sector agains cyber attacks
To strengthen financial sector resilience to these attacks authorities should invest in developing a national cybersecurity strategy. By periodically assessing the cybersecurity landscape and identifying potential systemic risks. Prioritising data reporting and collection of cyber incident is another point to be focused on.
Although cyber incidents are inevitable, it’s crucial for the financial sector to maintain the ability to provide essential business services amidst such disruptions. Therefore, financial firms should focus on crafting and rigorously testing response and recovery procedures, while national authorities must ensure the existence of robust response protocols and crisis management frameworks.