…as global banks lose $12bn in 20 years
With financial institutions across the world losing a total of $12 billion to cyberattacks in the last 20 years, $2.5 billion of that sum being in the four years between 2020 and 2024, the International Monetary Fund (IMF) has stressed the need for central banks and authorities to develop an adequate national cybersecurity strategy in order to strengthen resilience in the financial sector.
The IMF, in its April 2024 Global Financial Stability Report, remarked that the rising trend of cyberattacks on global financial systems could dampen confidence in the financial system, thereby destabilising economies.
Cybercrime costs Nigeria $500 million per year, and includes hacking, identity theft, cyber terrorism, harassment, and internet fraud, according to the Nigerian Communications Commission (NCC).
In November last year, the Senate began reviewing and modifying the country’s Cybercrime (Prohibition and Prevention) Act of 2015, after raising an alarm over the country’s annual loss of $500 million due to cybercrime.
The Senate President, Godswill Akpabio, expressed his concerns at the start of a public hearing on the Cybercrime (Prohibition and Prevention) Act (Amendment) Bill, 2023, at the Senate Complex in Abuja.
“Financial firms have reported significant direct losses, totaling almost $12 billion since 2004 and $2.5 billion since 2020,” the IMF stated in the report.
It added that financial firms, given the large amounts of sensitive data and transactions they handle, are often targeted by criminals seeking to steal money or disrupt economic activity.
In its recommendations on how to stem cybercrime globally, the IMF said the national cybersecurity strategy to be developed by central banks and authorities across the world, accompanied by effective regulation and supervisory capacity, should encompass some key elements.
These include periodically assessing the cybersecurity landscape and identifying potential systemic risks from interconnectedness and concentrations, including from third-party service providers.
It should also include encouraging cyber “maturity” among financial sector firms, including board-level access to cybersecurity expertise, as supported by the chapter’s analysis which suggests that better cyber-related governance may reduce cyber risk.
Others include improving cyber hygiene of firms—that is, their online security and system health (such as antimalware and multifactor authentication)—and training and awareness; as well as prioritising data reporting and collection of cyber incidents, and sharing information among financial sector participants to enhance their collective preparedness.
“Attacks on financial firms account for nearly one-fifth of the total, of which banks are the most exposed. Incidents in the financial sector could threaten financial and economic stability if they erode confidence in the financial system, disrupt critical services, or cause spillovers to other institutions,” IMF stated.
“Cyber incidents that disrupt critical services like payment networks could also severely affect economic activity. For example, a December attack at the Central Bank of Lesotho disrupted the national payment system, preventing transactions by domestic banks.
“Financial institutions in advanced economies, particularly in the United States, have been more exposed to cyber incidents than firms in emerging market and developing economies,” it said.
Citing the example of JPMorgan Chase, the IMF said the largest US bank recently reported experiencing 45 billion cyber events per day, while spending $15 billion on technology every year and employing 62,000 technologists – many focused on cybersecurity.
It said that cyber incidents are a key operational risk that could threaten financial institutions’ operational resilience and adversely affect overall macro financial stability.
The IMF observed that factors contributing to the rise in cyber incidents included the rapidly growing digital connectivity – accelerated by the COVID-19 pandemic, as well as increasing dependency on technology and financial innovation.
It said that geopolitical tensions may also be a contributing factor, considering the surge of cyberattacks after Russia’s invasion of Ukraine in February 2022.
“A cyber incident at a financial institution or a country’s critical infrastructure could generate macro-financial stability risks through three key channels: loss of confidence, lack of substitutes for the services rendered, and interconnectedness.
“While cyber incidents thus far have not been systemic, ongoing rapid digital transformation and technological innovation such as artificial intelligence and heightened global geopolitical tensions exacerbate the risk.
“Recent significant cyber incidents—such as the ransomware attack on the US arm of China’s largest bank, the Industrial and Commercial Bank of China, on November 8, 2023, which temporarily disrupted trades in the US Treasury market—further underscore that cyber incidents at major financial institutions could threaten financial stability,” it said.
Noting that attacks often emanate from outside a financial firm’s home country and proceeds can be routed across borders, the IMF said international cooperation has also become imperative to address cyber risk successfully.
Meanwhile, the upscaled Nigerian National Identity Card project in the works by the Federal Government is said to display the instrumentation to strengthen identity verification and reduce financial crimes committed under false pretext.
This is on account of its layered identity verification features and the utility and unification that it will bring to identification, security, payment, credit, social development and governance systems, among others.
