The International Monetary Fund (IMF) has claimed that financial institutions globally lost a combined sum of $12 billion to cyber attacks over the last two decades.
IMF made this disclosure in a report titled, ‘Global Financial Stability Report, April 2024’.
The Bretton Wood institution pointed out that the financial sector as it stands is extremely exposed to cyber risk, adding that about one-fifth of the recorded cyber incidents in the past two decades have affected the financial industry, “with banks being the most frequent targets followed by insurers and asset managers”.
According to the IMF, the loss recorded by financial institutions since 2020 stood at $2.5 billion.
“Financial firms have reported significant direct losses, totaling almost $12 billion since 2004 and $2.5 billion since 2020.
Read Also: IMF Sanctions $820bn Aid For Egypt’s Economic Bailouts
“Financial institutions in advanced economies, particularly in the United States, have been more exposed to cyber incidents than firms in emerging market and developing economies.
“JP Morgan Chase, for example, the largest US bank, recently reported experiencing 45 billion cyber events per day while spending $15 billion every year and employing 62,000 technologists, many focused on cyber-security,” IMF stated.
According to IMF, cyber incidents, are key operational risks that could threaten the operational resilience of financial institutions and hurt overall macroeconomic stability.
“A cyber incident at a financial institution or at a country’s critical infrastructure could generate macro financial stability risks through three key channels: loss of confidence, lack of substitutes for the services rendered, and interconnectedness.
“While cyber incidents thus far have not been systemic, ongoing rapid digital transformation and technological innovation (such as artificial intelligence) and heightened global geopolitical tensions exacerbate the risk,” the report added.
IMF said direct losses from cyber incidents reported by firms have thus far been generally modest but could become very large.
“Based on available data, the median reported direct loss to a firm from all cyber incidents has been about $0.4 million, and three-fourths of the reported losses are below $2.8 million.
“Although losses from malicious incidents have been more than five times as large as those from nonmalicious incidents, at around $0.5 million, the magnitude of losses in absolute terms has been generally modest as well.
“For example, most cyber extortions, such as ransomware attacks, or malicious data breaches have resulted in losses of up to $12 million.”
IMF said the distribution is, however, heavily skewed, with some occurrences imposing losses of hundreds of millions of US dollars,” the Bretton Wood institution said.