Global financial stability at risk due to cyber threats, IMF warns. Here's what to know

A trader at the New York Stock Exchange. Image: REUTERS/Andrew Kelly

Spencer Feingold
Digital Editor, Public Engagement, World Economic Forum
Johnny Wood
Writer, Forum Agenda
Our Impact
What's the World Economic Forum doing to accelerate action on Cybersecurity?
The Big Picture
Explore and monitor how Cybersecurity is affecting economies, industries and global issues
A hand holding a looking glass by a lake
Crowdsource Innovation
Get involved with our crowdsourced digital platform to deliver impact at scale
Stay up to date:


This article is part of: Centre for Cybersecurity
  • Cyber attacks in the financial sector pose a serious threat to global financial stability, according to a new IMF report.
  • The financial sector is uniquely exposed to cyber risk and resulting losses could cause major disruptions.
  • Cyber incidents "could threaten financial institutions’ operational resilience and adversely affect overall macrofinancial stability," the report states.

Global financial stability is under threat from the increasing frequency and sophistication of cyberattacks, according to a new report by the International Monetary Fund (IMF).

The risk of extreme losses from cyberattacks is also increasing, the report notes, leaving the financial sector uniquely exposed to cyber threats as operations involve vast amounts of sensitive data and transactions.

For financial institutions, the result of a cyberattack could mean funding challenges, reputational damage and could even lead to insolvency. Moreover, experts warn that for the wider financial sector, major attacks could undermine confidence in the system, disrupt critical services and spill over to other sectors.

Greater threat
Extreme losses from cyberattacks have increased four-fold since 2017. Image: IMF

In the past two decades, nearly one-fifth of reported cyber incidents have affected the global financial sector, causing $12 billion in direct losses to financial firms, according to the IMF’s Global Financial Stability Report. Since 2020, direct losses amounted to an estimated $2.5 billion.

"While largely recognized as leaders from a cyber maturity standpoint, financial institutions are as vulnerable to steady increase in the frequency and sophistication of cyberattacks as any other sector," said Akshay Joshi, the Head of Industry and Partnerships at the World Economic Forum's Centre for Cybersecurity.

The IMF report adds that banks are particularly targeted and that loss figures are likely much higher when indirect losses and reputational damage are considered.

"Cyber incidents are a key operational risk that could threaten financial institutions’ operational resilience and adversely affect overall macrofinancial stability," the report stated, adding that "while cyber incidents thus far have not been systemic, ongoing rapid digital transformation and technological innovation (such as artificial intelligence) and heightened global geopolitical tensions exacerbate the risk."

Attractive Target
The financial sector is a prime target for cyber criminals. Image: IMF

The IMF's report urges financial firms to boolster their cybersecurity capacity through efforts such as stress testing and information-sharing arrangements, among other recommendations. Moreover, the IMF calls on authorities to develop appropriate and adequate national cybersecurity strategies that are accompanied by regulatory frameworks.

"With the global financial system facing significant and growing cyber risks, policy and governance frameworks to mitigate the risks must keep pace," the report states.

The IMF also called for greater international cooperation around cybersecurity efforts, noting that cyberattacks often originate from outside a financial firm’s home country.

Growing cybersecurity gap

For financial institutions, securing the digital ecosystems is vital, experts maintain. Yet in the wider economy there are growing inequalities between organizations that are cyber resilient and those that aren’t, according to the World Economic Forum’s Global Cybersecurity Outlook 2024 report.

While large organizations have demonstrated gains in cybersecurity, the cyber resilience of small and medium enterprises (SMEs) has declined, the report found. In fact, there has been a 30% drop in the number of SMEs maintaining a minimum viable cyber resilience level despite making up the majority of companies in many countries.

Moreover, the Forum's report found that the disparity between the cybersecurity haves and have nots is being exacerbated by emerging technologies, with many SMEs being left behind as advanced technologies develop.

Cyber skills shortages

The Strategic Cybersecurity Talent Framework, a white paper from the World Economic Forum, found that efforts to meet cybersecurity objectives are being hampered by an ongoing skills shortage.

The framework found that there is a global shortage of 4 million cybersecurity professionals, with more than half of public organizations listing a lack of resources and skills as their biggest challenge to improving cyber resilience.

However, efforts are underway to mitigate the cyber skills shortage. The Forum’s Bridging the Cyber Skills Gap initiative, for instance, works to raise awareness amongst executives as well as establish processes that will help build sustainable cyber talent pipelines within organizations and across sectors.

"The case for global public-private cooperation has never been stronger – especially since attacks to the financial institutions can have large cascading effects to the wider economy and society," Joshi added.

Have you read?
Don't miss any update on this topic

Create a free account and access your personalized content collection with our latest publications and analyses.

Sign up for free

License and Republishing

World Economic Forum articles may be republished in accordance with the Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International Public License, and in accordance with our Terms of Use.

The views expressed in this article are those of the author alone and not the World Economic Forum.

Related topics:
CybersecurityFinancial and Monetary SystemsGlobal Risks
World Economic Forum logo
Global Agenda

The Agenda Weekly

A weekly update of the most important issues driving the global agenda

Subscribe today

You can unsubscribe at any time using the link in our emails. For more details, review our privacy policy.

Tinder Swindler: How 'romance fraud' became a multi-billion dollar cybercrime

Robin Pomeroy and Sophia Akram

May 24, 2024


About Us



Partners & Members

  • Join Us

Language Editions

Privacy Policy & Terms of Service

© 2024 World Economic Forum