Cyber attacks have the potential to threaten financial stability
Economic Commentaries, News Cyber attacks may affect financial stability and pose a systemic risk. Even in cases where the direct impact of the attack is limited, negative knock-on effects can spread further in the financial system and have serious consequences, for example in the form of a lack of confidence in the system. This reasoning is put forward by three members of staff at the Riksbank's Financial Stability Department in an Economic Commentary.
Vulnerability to cyber attacks has risen as the financial sector has become increasingly digitalised. In parallel, the number of advanced cyber attacks has also increased. Taken together, this increases the cyber risks for the financial sector.
Cyber risks are characterised by speed and scalability, where a cyber attack has the potential to spread rapidly and widely. They can thus pose a systemic threat. In the Economic Commentary, Riksbank staff members Luka Elestedt, Ulrika Nilsson and Carl-Johan Rosenvinge describe how a cyber attack on the financial sector or its critical service providers can directly affect financial stability, if the agent or agents affected are sufficiently critical and the impact of the attack is sufficiently serious. However, even indirectly, attacks can affect financial stability, for example, by having a decisive impact on public confidence in the financial system.
So what can be done to combat the cyber threat to the financial system? According to the authors, it is essential that every agent understands both what needs to be protected and what it needs to be protected against. Measures aimed at preventing and stopping cyber attacks need to be complemented by the ability to detect, respond and recover from them.
In order to improve resilience to cyber threats, long-term planning to reduce the vulnerability of the financial system and good coordination are important. This coordination should involve both private and public agents in the financial sector. In addition, both authorities with financial stability responsibilities and authorities responsible for cyber security should be involved so that the coordination leads to greater resilience.
By Lukas Elestedt, Ulrika Nilsson and Carl-Johan Rosenvinge. The authors works in the Riksbank’s Financial Stability Department.