The risk of a bank failure from a major cyberattack is not far-fetched. Almost all financial institutions have experienced a cyberattack in one form or another, and the number of attacks is only increasing. Financial firms are 300 times more likely than other institutions to experience them, according to the Boston Consulting Group.
The increasing risk of cyberattacks and the potential impact on banks is a top concern for financial institutions and the government. Here is a look at how and why banks are at risk and what the effect of a cyberattack might be.
- The risk of major cyberattacks on banks is on the rise.
- Due to the interconnectivity of banks, the spillover risk of cyberattacks among banks is great and could impair the solvency of a financial institution.
- U.S. banks are particularly susceptible to state-sponsored cyberattacks.
- There was a spike in cyberattacks in the early stages of the COVID-19 pandemic in 2020.
The Rising Risk of Cyberattacks
Fears of a major cyberattack on banks have been rising since hackers successfully stole nearly $100 million from Bangladesh’s central bank in February 2016. Shortly afterwards, Russian central bank officials disclosed that hackers stole more than $31 million (2 billion rubles at the time) from the country’s central bank and commercial banks.
In testimony before the House Financial Services Committee in February 2020, when asked what he perceives as the greatest risk to the financial system, Federal Reserve Chair Jerome Powell named cybersecurity. “The thing that we worry about a lot is cyberattacks. I think we have a great game plan for traditional issues like bad loans and things like that. It’s more cyberattacks is really the frontier where you worry," Powell said.
Many banks already see millions of attempted attacks each year, resulting in modest losses, but hackers are rapidly becoming more sophisticated, making banks even more vulnerable to major attacks.
How Banks Are at Risk
In a report published in January 2020, the Federal Reserve Bank of New York says the risk of spillover effects from cyberattacks is high because the banking system is interconnected. The report suggests a cyberattack on any of the five most active U.S. banks could affect 38% of the network.
Experts warn U.S. banks are particularly susceptible to state-sponsored cyberattacks by countries including Russia, China, and North Korea. "State-sponsored hacking is the biggest threat to our financial sector because of the capacities that they can bring to bear,” Jamil Jaffer, founder and executive director of George Mason University’s National Security Institute, told the House Financial Services subcommittee on national security, international development, and monetary policy during a hearing in June 2020.
During the same hearing, Tom Kellermann, a member of a cybersecurity commission during the Obama administration who is now head of cybersecurity strategy at software company VMWare, warned of a major rise in cyberattacks on banks and other financial institutions during the 2020 crisis.
The rate of increase in cyberattacks against banks between February and April of 2020, according to a report by VMWare.
Impact of Cyberattacks on Bank Customers
Consumers have relatively little to fear from routine cyberattacks on banks, provided they haven’t been lax about safeguarding their information and notify their bank promptly when funds go missing. U.S. law requires banks to refund money taken from customers' accounts without authorization if the customer alerts the bank within 60 days of the transactions appearing on their bank statement. Business accounts, however, have fewer protections and could be subject to greater losses.
While bank deposits up to $250,000 are insured by the Federal Deposit Insurance Corporation (FDIC) for participating institutions, the banks themselves have no federal guarantee to solvency in the event of a major cyberattack. Such attacks could target bank processing systems and disrupt critical financial transactions.
The Bottom Line
Cybersecurity is a top concern for the banking sector. Consumers are likely to be able to recover their money under federal law, but some experts are concerned that escalating attacks could eventually threaten a big bank's solvency.