The risk of a bank failure from a major cyberattack is not far-fetched. Almost all financial institutions have experienced a cyberattack in one form or another, and the number of attacks is only increasing. Financial firms are 300 times more likely than other institutions to experience them, according to the Boston Consulting Group.
The increasing risk of cyberattacks and the potential impact on banks is a top concern for financial institutions and the government. Here is a look at how and why banks are at risk and what the effect of a cyberattack might be.
- The risk of major cyberattacks on banks is on the rise.
- Due to the interconnectivity of banks, the spillover risk of cyberattacks among banks is great and could impair the solvency of a financial institution.
- U.S. banks are particularly susceptible to state-sponsored cyberattacks.
- There was a spike in cyberattacks in the early stages of the COVID-19 pandemic in 2020.
The Rising Risk of Cyberattacks
Fears of a major cyberattack on banks have been rising since hackers successfully stole $81 million from Bangladesh’s central bank in February 2016. Shortly afterward, Russian central bank officials disclosed that hackers stole more than $31 million (2 billion rubles at the time) from the country’s central bank and commercial banks.
In testimony before the House Financial Services Committee in February 2020, when asked what he perceives as the greatest risk to the financial system, Federal Reserve Chair Jerome Powell named cybersecurity. “The thing that we worry about a lot is cyberattacks. I think we have a great game plan for traditional issues like bad loans and things like that. It’s more cyberattacks is really the frontier where you worry," Powell said.
Many banks already see millions of attempted attacks each year, resulting in modest losses, but hackers are rapidly becoming more sophisticated, making banks even more vulnerable to major attacks.
How Banks Are at Risk
In a report published in January 2020 and revised in 2021, the Federal Reserve Bank of New York says the risk of spillover effects from cyberattacks is high because the banking system is interconnected. The report suggests a cyberattack on any of the five most active U.S. banks could affect 38% of the network.
Experts warn U.S. banks are particularly susceptible to state-sponsored cyberattacks by countries including Russia, China, and North Korea. "State-sponsored hacking is the biggest threat to our financial sector because of the capacities that they can bring to bear,” Jamil Jaffer, founder and executive director of George Mason University’s National Security Institute, told the House Financial Services subcommittee on national security, international development, and monetary policy during a hearing in June 2020.
The number of financial institutions that experienced an increase in destructive cyberattacks from 2021 to 2022.
Impact of Cyberattacks on Bank Customers
Consumers have relatively little to fear from routine cyberattacks on banks, provided they haven’t been lax about safeguarding their information and notify their bank promptly when funds go missing. U.S. law requires banks to refund money taken from customers' accounts without authorization if the customer alerts the bank within 60 days of the transactions appearing on their bank statement. Business accounts, however, have fewer protections and could be subject to greater losses.
While bank deposits of up to $250,000 are insured by the Federal Deposit Insurance Corporation (FDIC) for participating institutions, the banks themselves have no federal guarantee of solvency in the event of a major cyberattack. Such attacks could target bank processing systems and disrupt critical financial transactions.
How Do Cyberattacks Affect Banks?
Cyberattacks affect banks in many ways. In addition to the monetary loss that results from hackers stealing money from banks, banks incur additional costs in implementing cybersecurity to protect assets. Furthermore, cyberattacks decrease the trust that customers have in institutions. If they believe their money will be stolen, they trust banks less to protect their money. Cyberattacks also interrupt the operations of banks, wreaking havoc across the institution and how it operates fundamentally.
How Much Do Banks Lose to Cyberattacks?
According to a 2022 IBM Cost of a Data Breach Report, financial organizations averaged $5.97 million per breach.
What Are the Main Threats That Banks Face From Cyberattacks?
Some of the main threats/methods used against banks in cyberattacks include ransomware, phishing, trojans, and spoofing.
The Bottom Line
Cybersecurity is a top concern for the banking sector. Consumers are likely to be able to recover their money under federal law, but some experts are concerned that escalating attacks could eventually threaten a big bank's solvency.