Cyberattack biggest threat against U.S. financial system


During congressional testimony last week, Federal Reserve Chairman Jerome Powell, appearing before the House Committee on Financial Services, told lawmakers that the number one threat to the stability of the U.S. financial system concerns its ability to respond to and mitigate a large-scale cyberattack.

“The clear answer to me would be cyber risk,” Powell said in response to a question from Rep. Jim Himes, D-Conn. Himes asked Powell what unnoticed threats may be lurking. Powell added that the current state of the threat is about normal, but that Congress should double down on possible remedies.

Powell also said that banks should update their protections and improve their security hygiene. Risks to the financial system have drawn renewed interest recently, along with rising concerns about nation-state hacking and similar capabilities being used against critical infrastructure.

Last month, Christine Lagarde, managing director of the International Monetary Fund, wrote about estimating cyber risk for the financial sector in an IMF blog post. Based on a recent IMF study, Lagarde estimated potential annual losses from cyberattacks against the financial sector could reach about 9 percent of banks’ net income globally, or $100 billion. “In a severe scenario — in which the frequency of cyber-attacks would be twice as high as in the past with greater contagion — losses could be 2½-3½ times as high as this, or $270 billion to $350 billion,” she wrote.

According to her post, the modeling framework uses techniques from actuarial science and operational risk measurement to estimate aggregate losses from cyber-attacks. “This requires an assessment of the frequency of cyber-attacks on financial institutions and an idea of the distribution of losses from such events. Numerical simulations can then be used to estimate the distribution of aggregate cyber-attack losses,” Lagarde wrote.

The losses are based on real-world recent losses from cyberattacks in 50 countries. “The framework could be used to examine extreme risk scenarios involving massive attacks,” she wrote. “The distribution of the data we have collected suggests that in such scenarios, representing the worst 5 percent of cases, average potential losses could reach as high as half of banks’ net income, putting the financial sector at risk.”

While there have yet to be any real-world losses stemming from wide-scale cyberattacks on the financial sector, more observers in industry and government are growing concerned.

In a survey conducted by the Depository Trust and Clearing Corporation and published as the DTCC Systemic Risk Barometer, more than a third (36 percent) of survey respondents view cyber risk as the number one threat to the broader economy in 2018, with 78 percent of respondents ranking it as a top 5 risk, a 7 percent increase from the previous survey.

“Cyber risk continues to intensify across all sectors of the financial ecosystem, and it’s becoming increasingly clear that no area is immune to this threat,” Michael Leibrock, DTCC’s Chief Systemic Risk Officer, said in a news release. “As a result, it is critical that firms prepare response plans, maintain playbooks and practice cyber-attack simulations as key components of their risk management efforts,” he added.

On those points, I don’t think many would disagree.


  1. Ronald Sonntag says:

    Nice write up and interesting. What I find as a glaring fact, that isn’t called out, is that these risks to banks and financial stability are almost all a consequence of centralized authority. Of recent note was the successful recent presentation of blockchain technologies to Congress and the European acceptance of cryptocurrencies as an alternative to native currencies. I would add that many banks are seriously looking at blockchain implementations to manage money transfers and even accounts. The successful implementation of a public, or, at least a widely distributed (nodes) blockchain would virtually eliminate these cyber attacks from having any serious effect. Of course, Banks and other financial institutions may have to contend with the highly possible disruptive impact blockchains may have on their revenue models given that de-centralization is the whole point.

