A new report from the International Monetary Fund (IMF) has argued that a cyber attack of sufficient size could cause a “cyber run”, an incident which would cause market sell-offs or a rush of customers withdrawing their money.

Though the report did not suggest that any such incident has happened yet, it said that “modest and somewhat persistent deposit outflows have occurred at smaller US banks after a cyber attack".

The report also highlighted how sufficiently serious cyberattacks have disrupted the economic functioning of countries in the past, for example, the December 2023 attack on the Central Bank of Lesotho.

The national payment system for the small country in Sub-Saharan Africa was frozen by the attack, preventing transactions by domestic banks.

The report also pointed to how in 2020, a software error disrupted the payment and settlement operation of the European Central Bank’s TARGET2 system for roughly 11 hours. This led to a complete failure of all payment transactions in the system.

The size of “extreme losses” from cyber attacks on the financial sector has quadrupled since 2017 according to the IMF's research.

The report recommended that to improve cyber resilience, “private incentives” may be insufficient to address cyber risk and that authorities “should develop an adequate national cybersecurity strategy.”

In addition, the IMF also outlined the significant impact which cyber attacks have already had on the financial sector

The IMF found that there have been 20,000 significant cyber attacks on financial institutions since 2004, causing roughly $12 billion in damages.

"Given the global nature and systemic implications of cyber attacks, cross-border coordination is crucial to mitigate cyber risks," said the report.

---