Could a cyber attack cause a systemic impact in the financial sector?

Quarterly Bulletin 2018 Q4
Published on 21 December 2018

By Phil Warren (Bank of England), Kim Kaivanto (Lancaster University) and Dan Prince (Lancaster University).

  • There is not a uniform view of the link between cyber risk and systemic risk: some assume a direct link whereas others query the connection.
  • Beyond nation states, the vast majority of independent cyber attackers are currently unlikely to have the capability to systemically impact the financial sector.
  • The financial sector has a large number of environmental features which are conducive to a systemic cyber compromise.
  • There are no current examples of systemic cyber risk crystallising and impacting the real economy but this does not prove an absence of risk.
  • We conclude there is a credible case to link cyber risk to systemic risk in the financial sector.
  • Recommendations for future consideration include:
    – Further development of the intelligence-led approach to cyber security. 
    Policy responses that seek to cut through sectoral, geographical and public/private boundaries. 
    Organisations should accept that compromises are likely to happen and therefore prioritise response and recovery activities.
    Undertake further studies to better understand the relationship between data integrity and authenticity, trust in financial services and the potential for real-economy impact via a cyber attack. 
    A specific focus on risks associated with third-party dependencies.

PDFCould a cyber attack cause a systemic impact in the financial sector?

Was this page useful?
Add your details...