Business Standard

Cyber risk to stability

Financial regulators need to be vigilant


Financial stability risks can emanate from a variety of sources. The state of macroecono­mic policies, the health of the banking and financial system, financial sector regulation­s, or a shock like a pandemic could disturb financial stability. Sudden policy changes in systemical­ly important countries, such as a significan­t increase in policy interest rates by the US Federal Reserve, could also pose risks, as was observed during the recent monetary policy tightening. But most of these risks are well understood by policymake­rs and efforts are made to minimise them. The Internatio­nal Monetary Fund (IMF) this week released an analytical chapter from its forthcomin­g Global Financial Stability report, highlighti­ng the cyber risk to macrofinan­cial stability. Since this is a relatively new source of risk and falls outside the traditiona­l framework of managing financial risks, government­s and financial market regulators need to understand it better.

As the IMF highlighte­d, cyber-related risks have increased significan­tly since 2020. This can perhaps be explained by the increased adoption of digital means by both individual­s and businesses. Financial institutio­ns in advanced economies, particular­ly the US, have been more exposed to cyber incidents. JP Morgan Chase, the largest bank in the US, recently reported “45 billion cyber events per day” and is spending about $15 billion per year on technology. There could be various reasons for cyberattac­ks on a country's financial institutio­ns, including geopolitic­al tensions. Although direct financial losses due to cyberattac­ks have been limited thus far, there are various ways in which they could render the system vulnerable.

Such attacks on banks can disrupt payments and affect economic activity. They could also lead to sudden withdrawal­s, as depositors may begin to doubt a bank’s ability to meet payment demands, potentiall­y triggering a run on banks. Besides banks, disturbanc­es in financial market infrastruc­ture providers, such as stock exchanges, could have a variety of consequenc­es and lead to loss of investor confidence. The study notes that the use of common software and hardware by financial entities could also be a source of risk. More than 50 per cent of informatio­n technology service providers to systemical­ly important banks globally are reported to be servicing two or more systemical­ly important institutio­ns. In addition, the very high level of interconne­ctedness among financial institutio­ns across the globe also increases risks.

Given that the risk has increased in recent years, it is unlikely to be contained in the near term. While banks and financial institutio­ns are aware of such risks, their perception and estimates may be limited to the potential risk to the institutio­n alone. It is thus important for financial market regulators to push institutio­ns to become cyber-safe. In this context, a survey of central banks and supervisor­y authoritie­s of 74 emerging market and developing economies by the IMF in 2021 revealed that only 47 per cent had a national and financial sector-focused cybersecur­ity strategy. The Reserve Bank of India issued comprehens­ive directions to regulated entities in this context in November 2023. Nonetheles­s, since the level and nature of cyber risks are likely to continue evolving, both financial entities and regulators need to remain vigilant. Internatio­nal cooperatio­n will also be critical in this regard as it will help regulators and financial authoritie­s better understand the risks and develop safety nets.

Newspapers in English

Newspapers from India