Fears of a major cyber attack on banks have been rising since hackers successfully stole nearly $100 million from Bangladesh’s central bank in February 2016. Shortly after that incident, Russian central bank officials disclosed that hackers stole more than $31 million (two billion rubles) from the country’s central bank and commercial banks. SWIFT – the predominant messaging network used by banks – warned that these kinds of cyber attacks are set to rise.

In this article, we will look at how cyber security risks could lead to the next bank failure and what it means for the financial industry and consumers. (For more, see: SWIFT Attacks: Hackers Strike Again.)

Technological Vulnerabilities

The financial industry has struggled to keep pace with technological innovation, particularly given the extensive regulation governing its operation. While legacy technology may seem like just an inconvenience to consumers, it has become a major security risk for commercial banks, insurance companies and their consumers. At the same time, hackers have benefited from new technologies that make it easier to hack into these legacy banking systems.

For example, so-called two-factor authentication is a nearly bullet-proof way to secure consumer bank accounts. Banks send a temporary code to the consumer’s cell phone before allowing them to login, which means hackers would need access to both the computer and the cell phone to gain access to the account. Despite the effectiveness of the method, several major banks don’t use two-factor authentication to protect consumer bank accounts.

The Bangladesh bank heist also illustrated vulnerabilities in bank computer systems. According to SWIFT, relatively simple malware was detected on its clients’ (bank) computer systems targeting a PDF reader used to check statement messages. Hackers used the malware to bypass primary risk controls and initiate irrevocable funds transfer processes, while tampering with statements and confirmations that would normally act as secondary controls. (For more, see: SWIFT Reports More Cyber Breaches Since June.)

Impact of Cyber Attacks on Banks

Consumers have relatively little to lose from cyber attacks on banks, provided they weren’t lax about safeguarding their information and they quickly notify the bank if funds are missing. U.S. federal law requires banks refund customers if someone takes money from their account without authorization and they notify the bank within 60 days of the transactions appearing on their bank statement. Business accounts, however, have fewer protections and could be subject to greater losses.

Banks themselves have fewer assurances from the federal government that they would remain solvent if a major cyber attack were executed. According to some experts, the Financial Stability Oversight Council has largely failed to acknowledge and plan for cyber attacks that threaten the solvency of a major bank. These attacks could target bank processing systems and disrupt critical financial transactions needed to avoid margin calls, for example, triggering a default.

Professor Richard Benhman, chairman of Britain’s National Cyber Management Center, warned the BBC that “a major bank will fail as a result of a cyber attack in 2017 leading to a loss of confidence and a run on that bank.” Many banks already see millions of attempted attacks each year with modest losses resulting, but the precedent set by the SWIFT hack on central banks indicates that these attacks are rapidly becoming more sophisticated.

The Bottom Line

Cyber security has become a paramount concern for the banking sector, but some banks have been hesitant to implement much-needed security measures and regulators have been slow to develop a plan to address major attacks if and when they occur. Consumers may be able to recover their money under federal law, but some experts are concerned that the escalating attacks could render a major bank insolvent if successful, or at least create panic that leads to a run on a bank. (For more, see: How SWIFT Is Fighting Cyberfraud.)

Want to learn how to invest?

Get a free 10 week email series that will teach you how to start investing.

Delivered twice a week, straight to your inbox.