Chapter 3: Cyber Risk: A Growing Concern for Macrofinancial Stability
Against a backdrop of growing digitalization, evolving technologies, and rising geopolitical tensions, cyber risks are on the rise. Chapter 3 shows that while cyber incidents have thus far not been systemic, the risk of extreme losses from such incidents has increased. The financial sector is highly exposed, and a severe cyber incident could pose macro-financial stability risks through a loss of confidence, disruption of critical services, and spillovers to other institutions through technological and financial linkages. While better cyber legislation and cyber-related governance arrangements at firms can help mitigate these risks, cyber policy frameworks remain generally inadequate, especially in emerging market and developing economies. Thus, the cyber resilience of the financial sector needs to be strengthened by developing adequate national cybersecurity strategies, appropriate regulatory and supervisory frameworks, a capable cybersecurity workforce, and domestic and international information-sharing arrangements. To allow for more effective monitoring of cyber risks, reporting of cyber incidents should be strengthened. Supervisors should hold board members responsible for managing the cybersecurity of financial firms and promoting a conducive risk culture, cyber hygiene, and cyber training and awareness. To limit potential disruptions, financial firms should develop and test response and recovery procedures. National authorities should develop effective response protocols and crisis management frameworks.