The risk of a bank failure from a major cyberattack is not far-fetched. Almost all financial institutions have experienced a cyberattack in one form or another, and the number of attacks is only increasing. Financial firms are 300 times more likely than other institutions to experience them, according to the Boston Consulting Group.
The increasing risk of cyberattacks and the potential impact on banks is a top concern for financial institutions and the government. Here is a look at how and why banks are at risk and what the effect of a cyberattack might be.
- The risk of major cyberattacks on banks is on the rise.
- Due to the interconnectivity of banks, the spillover of cyberattacks on other banks is great and could impact the solvency of a financial institution.
- U.S. banks are particularly susceptible to state-sponsored cyberattacks.
- There has been a spike in cyberattacks during the COVID-19 pandemic.
The Rising Risk of Cyberattacks
Fears of a major cyberattack on banks have been rising since hackers successfully stole nearly $100 million from Bangladesh’s central bank in February 2016. Shortly afterwards, Russian central bank officials disclosed that hackers stole more than $31 million (two billion rubles at the time) from the country’s central bank and commercial banks.
In testimony before the House Financial Services Committee in February 2020, when asked what he perceives as the greatest risk to the financial system, Federal Reserve Chair Jerome Powell said cybersecurity. “The thing that we worry about a lot is cyberattacks. I think we have a great game plan for traditional issues like bad loans and things like that. It’s more cyberattacks is really the frontier where you worry," Powell said.
Many banks already see millions of attempted attacks each year, resulting in modest losses, but hackers are rapidly becoming more sophisticated, making banks even more vulnerable to major attacks.
How Banks Are at Risk
In a report published in January 2020, the Federal Reserve Bank of New York claims that because of the interconnectivity of banks, the spillover effect of cyberattacks is great. The report maintains that a cyberattack on any of the five most active U.S. banks could affect 38% of the network. The report also found that cyberattacks on six small banks with less than $10 billion in assets could threaten the solvency of one of the top five U.S. banks.
Experts also warn that U.S. banks are particularly susceptible to state-sponsored cyberattacks coming from countries including Russia, China, and North Korea. "State-sponsored hacking is the biggest threat to our financial sector because of the capacities that they can bring to bear,” Jamil Jaffer, founder and executive director of George Mason University’s National Security Institute, told the House Financial Services subcommittee on national security, international development, and monetary policy during a hearing in June 2020.
During the same hearing Tom Kellermann, a member of a cybersecurity commission during the Obama administration who is now head of cybersecurity strategy at software company VMWare, warned of a major rise in cyberattacks on banks and other financial institutions during the COVID-19 pandemic.
The spike in cyberattacks against banks between February and April of 2020, according to a report by VMWare.
Impact of Cyberattacks on Bank Customers
Consumers have relatively little to lose from cyberattacks on banks, provided they haven’t been lax about safeguarding their information and they quickly notify the bank if funds are missing. U.S. federal law requires banks to refund customers if someone takes money from their account without authorization and they notify the bank within 60 days of the transactions appearing on their bank statement. Business accounts, however, have fewer protections and could be subject to greater losses.
Banks themselves have fewer assurances from the federal government that they would remain solvent if a major cyberattack were executed. These attacks could target bank processing systems and disrupt critical financial transactions needed to avoid margin calls, for example, triggering a default.
The Bottom Line
Cybersecurity is a top concern for the banking sector. Consumers may be able to recover their money under federal law, but some experts are concerned that the escalating attacks could render a major bank insolvent if successful, or at least create a panic that leads to a run on a bank.