
Cyber Attack: Biggest Risk to the Financial Sector

Cyber risk has emerged as a key threat to financial stability, following recent cyberattacks in the financial sector. This article discusses major 2020 cyberattacks on financial institutions, the main cybersecurity compliance laws, and how financial institutions can protect themselves.

2020 Financial Sector Cyber Attacks

Cybersecurity risks to the financial system have grown in recent years, in part because the cyber threat landscape is worsening; in particular, state-sponsored cyberattacks targeting financial institutions are becoming more frequent, sophisticated, and destructive. The table below lists major 2020 cyberattacks in the financial sector.

| Institution | Location | Date (2020) | Method/Type of Attack |
|---|---|---|---|
| European Central Bank | Germany | October 23 | Disruption |
| Vizom Banking | Brazil | October 19 | Malware |
| BetterSure | South Africa | October 11 | Phishing |
| Japan Stock Exchange | Japan | October 1 | Disruption |
| Hungarian Banks | Hungary | September 23 | DDoS |
| Russian Banks | Russia | September 23 | Ransomware |
| Chilean Banco Estado | Chile | September 6 | Ransomware |
| CIH Bank | Morocco | August 28 | Skimmer |
| North Korean ‘BeagleBoyz’ Global Campaign | Worldwide | August 26 | Malware |
| New Zealand Stock Exchange | New Zealand | August 26 | DDoS |
| Experian South Africa | South Africa | August 19 | Data breach |
| Canadian COVID-19 Relief Fund | Canada | August 15 | Theft |
| Dave Third Party Banking App | United States | July 25 | Data breach |
| Twitter Accounts Hijacked for Bitcoin | United States | July 15 | Theft |
| Argenta | Belgium | July 13 | Theft |
| Chinese tax software | China | June 25 | Multiple |
| European Bank | Europe | June 21 | DDoS |
| Coincheck | Japan | June 4 | Data breach |
| Banco BCR | Costa Rica | May 21 | Ransomware |
| Indian Mobile Banking Apps | India | May 14 | Malware |
| Norfund, Norway’s state investment fund | Norway | May 13 | Theft |
| dForce Cryptocurrency | China | April 21 | Theft |
| Spanish Banks | Spain | April 13 | Malware |
| South Korean and US Payment Card | South Korea, United States | April 9 | Theft |
| Monte de Paschi Bank | Italy | March 30 | Data breach |
| Square Milner | United States | March 25 | Data breach |
| Finastra | United Kingdom | March 20 | Ransomware |
| Australian Banks | Australia | February 25 | DDoS |
| PayPal | United States, Germany | February 21 | Theft |
| Sub-Saharan African Banks | Africa | January 2 | Malware |

Among the cyber attacks in the table above, fraud and data breaches are more prevalent, yet business disruption is also significant. According to the ORX News dataset, fraud accounts for 43% of cyber-attack events in the financial sector, data breaches for 34%, and disruption for 23%.

While business disruptions are known immediately, the other types of cyber attack can go on for months or years before being noticed and reported, which could lead to a downward bias in the dataset.

Data on cyber risk is notoriously scarce, since there is no common standard for recording incidents, and firms have no incentive to report them.

Major Cybersecurity Compliance Laws

United States

In the U.S., current SEC guidance explains how and when firms should disclose information about cyber incidents to investors. However, there is scope to provide a framework for reporting cyber attacks, which could better address existing data gaps.

Europe

In the European Union, the General Data Protection Regulation (GDPR) requires firms to report breaches to the competent supervisory authority within 72 hours. Failure to comply with the reporting requirements could lead to fines of up to EUR 20 million or 4 percent of global annual turnover (whichever is higher).

The recent PSD2 rules modifying cashless payments have entered into force and apply throughout the EU, as well as within the EEA. Only payment services that comply with PSD2 can be used for purchases made on the Internet using bank cards. Those who accept cashless payments will have to require two-factor authentication, which strengthens cybersecurity.

The financial sector is highly exposed to cyber risk across all types of countries. The image below shows the cross-country heterogeneity in cybersecurity, with most Advanced Economies and Emerging Markets having a high value of the cybersecurity index (above the median), while middle-income and low-income countries tend to have lower values.

[Figure: Cyber attack and financial sector - country wise]

Sources: Factiva; and author’s calculations

According to a report, among financial institutions, banks account for the bulk of the attacks (91 percent), followed by insurance companies (7 percent). Among banks, retail banking activities (39 percent of the total) and credit card services (25 percent) were the main business lines targeted.

How can financial organizations protect themselves from cyber-attacks?

With the proper cybersecurity measures, financial organizations can protect themselves against probable cyber attacks. These include:

  • Undergoing vulnerability assessment and penetration testing on a regular basis.
  • Limiting administrative access to only those employees who have an actual requirement.
  • Conducting cybersecurity awareness and training for employees on a regular basis, with the help of a security attack simulator and awareness tools. This is one of the most effective methods to enhance cybersecurity.

With proper adoption of the above cybersecurity measures, organizations become better at defending themselves against every possible cyber threat and thus protect their cyberinfrastructure.