Building Blocks for Strengthening Cyber Resilience of the Financial Sector—Challenges and the Way Forward
December 6, 2021
Thank you, Tobias, for your kind introduction.
It’s a great pleasure to welcome everyone here today to the fifth annual Cybersecurity Workshop. This year, the workshop will focus on the threat posed by cyber risks to the global financial system, as well as the need for concerted action to strengthen our collective abilities to manage these risks and maintain the security and integrity of the financial system.
At the outset, I would like to thank the Financial Sector Stability Fund for their outstanding contribution in making this week’s workshop possible. I’d also like to recognize the diverse group of speakers who will bring tremendous expertise to these discussions. They represent industry, academia, central banks, and supervisory agencies.
Digital technology touches virtually every aspect of life today: social interaction, healthcare, political engagement, and economic decision-making. Digital connectivity permeates it all. And our dependence on this connectivity is growing. Greater reliance on digital networks naturally makes us more interdependent on one another. As the new, shared digital space evolves, it becomes more important to develop a common set of “building blocks” to address systemic risks.
Let me touch on three key points.
First, cyber resilience is not an isolated issue. It is part of a much broader transformation across society driven by information and communication technologies. We can see the impact of technology shifting away from improving efficiency and moving toward enabling the transformation of business operations and social interaction.
Second, cyber resilience is not a one-dimensional issue. Cyber resilience raises a range of issues that are varied and quite distinct from one another. The challenges are multi-dimensional.
Retail fraud, organized crime, invasions of personal privacy, intellectual property violations, terrorism, and extreme activism happen in very different ways. And different governance mechanisms—such as institutions, treaties, regulations and market mechanisms—must evolve to deal with each of them. Of course, part of the challenge of the virtual world is that these governance mechanisms in their current form are not fully developed. Designed in a pre-digital world, they move too slowly and ignore the interdependencies we find in the digital age.
Third, and most critical, cyber resilience is a societal issue. From the digitally enabled car to smart cities. From energy infrastructure to air travel. And from cashless banking to on-the-spot market prices for farmers in developing economies. Humankind is witnessing an explosion of innovation in technology. From an economic perspective, the web of global economic interconnections is growing deeper, broader, and more intricate; computing and digitalization are becoming increasingly pervasive and touching virtually every aspect of our daily lives. Intellectually, this new era is defined by data flows that transmit information, ideas, and innovation. Digital platforms are creating more efficient and transparent global markets in which far-flung buyers and sellers find each other with a few clicks. Today, mobile phones are readily available, have more computing power than traditional computers, and have changed society and its interactions possibly as never before.
As technology becomes further ingrained in our daily lives, enhancing cyber resilience becomes more dependent on people’s behavior and societal choices than technology itself. The phenomenon has massive potential to generate economic activity and wealth. And many of the gains in recent years have derived directly from global digital connectivity.
All three of these points that I’ve highlighted must be considered within the evolving “threat landscape.” The expansion of cyberspace and new technology has increased the scope and severity of potential cyber attacks. The increasing digitalization of financial services, in combination with the presence of high value assets and data, make the financial system a prime target. The high level of interconnectedness across financial institutions, financial markets, and financial market infrastructure creates vulnerabilities. In particular, the interdependencies of IT systems create a potential vulnerability wherein a localized cyber incident could quickly spread across markets and jurisdictions.
Cyber attacks can threaten financial stability by disrupting interconnected operational networks and their critical nodes. The attacks can result in the loss of data, as well as the collapse of entire systems along with their critical infrastructure. COVID-19 has increased economic and business uncertainty, and thereby, exacerbated these risks. And 2021 has been a watershed moment for increased supply chain and ransomware attacks.
With all these challenges and questions facing us, how can we best address them?
Let me describe some of the potential next steps.
None of these challenges can be overcome through singular actions. We need to develop a clear set of actions across priority areas. We can think of these as building blocks that need to be operationalized in an integrated and coherent manner. Together these building blocks will be a line of defense to help us address systemic risks.
To foster technology innovation, and continue to reap value from it, an entire cyber resilient ecosystem is needed. For this, we need to ensure that there is a clear strategy and appropriate governance structures in place. We need to foster sound regulation and supervision. We also need to address deficits in our cyber workforce. And we need to build capacity and skills to equip our next generation to tackle these complex problems and create bigger, better opportunities.
As with other global challenges, a collective effort will be critical. Both public- and private-sectors will need to come together to tackle common problems, such as data recovery. They will also need to work together and utilize new and transformational technologies and data to strengthen our overall cyber resilience. Working across borders, we will need to share information regionally and globally, and we will need to develop a common language for incidents so we can tackle them in a common, united manner. We need to manage risks borne from the supply chain, which we all increasingly depend on. And we need to galvanize the law enforcement and intelligence agencies, financial institutions and financial authorities, to work together in deterring cybercriminals.
By applying these effectively, we should find ourselves to be well placed to reap the benefits of our digital transformation in this hyperconnected world.
And on this positive note, let me once again extend a sincere welcome on behalf of the IMF to all of you. I wish you great success in your efforts this week, as you consider these wide-reaching challenges and questions.
With so many great minds working together, I’m confident your discussions this week will help devise the building blocks needed to protect the integrity of your financial systems.
And this, in turn, will help better support your economies, your societies, and your citizens, as well as the global financial system we all share.
Thank you.