Some of the world’s central bankers don’t want to see their control of the global financial system threatened by cyberattacks. Not surprisingly, a few officials at the International Monetary Fund are faulting private companies and even national governments, and making the case for a more collaborative, global strategy.
Here’s the problem, the officials said in a recent blog post: the attacks are sophisticated, a lot of money is at stake, private companies are reluctant to acknowledge a breach, and because of their inexperience combatting such intrusions, they underestimate the risk and overestimate their ability to defend against it.
Firms can shift risk to third parties such as insurance companies or outside cybersecurity vendors. However, “These third parties may themselves become targets of hackers,” the IMF bloggers noted. “And if only a few insurers or cybersecurity vendors are in the marketplace, this concentration could become a source of systemic risk throughout the financial system.”
Then there is the concentration of information technology within the financial system, where firms use common operating systems and programs, cloud servers, and electronic network hubs. “Connections through interbank and transfer markets could allow shocks to spread quickly throughout the financial system,” said the officials. “The popularity of cyber insurance policies has created a fast-growing market, but the continuing buildup of cyber risk in the insurance sector can itself become a systemic risk.
“Cyber risk has no geographical borders, and the threat is global, so the role of international institutions is crucial. The time has come for governments to consider a coordinated response to systemic cyber risk,” they added. There is a clear role for the public sector, and international players like the Financial Stability Board and the Group of Seven might “help address some of the informational and cross-border coordination challenges presented by systemic cyber risk.”