Increased interconnectivity in the financial sector and cyberattacks’ greater sophistication, makes this sector increasingly vulnerable to such attacks. A cyberattack on one major financial institution could send shockwaves through the whole financial sector and cause the next recession.
Cyberattack could Trigger Next Recession
Earlier in the week, the president of the European Central Bank (ECB), Christine Lagarde, delivered a speech in France. In the speech she stated attacks that destroy or encrypt the balance accounts of large financial institutions could trigger a liquidity crisis. Referring to the Global Financial Crisis (GFC) she said: “History shows that liquidity crises can quickly become systemic crises”. This in turn could lead to a recession.
Since the GFC of 2008, worldwide experts have been focusing on improving the banks’ capability of withstanding another financial disaster. However, they warn, should a cyberattack send the world economy into another recession, countries’ central banks may not be able to help. This is because banks are carrying higher debts. Also, the central banks have less room to lower interest rates, since these are already low, should an economic stimulus be needed.
Cost of Cyberattacks
According to Ms Lagarde, a report by the European Systemic Risk Board (ESRB) estimates the worldwide costs of cyberattacks between $45 bn and 654 bn.
Other sources predict that cybercrime will cost the world $6 trillion annually by 2021. To put this in perspective, in the last 20 years the greatest economic loss due to natural disasters was incurred in 2011. This was the year of the Japanese earthquake and tsunami. The total global costs due to natural disasters in 2011 was $374 bn.
How could Cyberattacks Cause the Next Recession
Studies have been carried out in the last couple of years looking into the possible effects of cyberattacks on the financial industry. One such study was conducted by the Brookings Institution, an American research group founded in 1916.
Brookings Institution’s investigation tried to answer the question of how cyberattacks could endanger the stability of the global financial system. According to the group’s resultant paper, cyberattacks could threaten the financial sector with three different types of attacks: slow burn, exacerbated and initiated attacks.
Three Possible Methods
With Slow Burn attacks cybercriminals use repeated, long-term, low-level disruptions to erode confidence in the market and key financial institutions. To achieve this, cybercriminals would usually use Distributed Denial-of-Service (DDoS) attacks.
Exacerbated attacks involve cyberattacks that take advantage of existing instability in the financial sector to cause a market crash. For example, a cyberattack during the GFC could have crashed the global stock or bond markets. During the GFC, “DDoS attacks could have disrupted email or phone communications and interfered with central bank lending programs or FDIC bank resolution execution, inciting further panic and bank runs. Adversaries might have released sensitive (or doctored) emails to enrage citizens and legislators over a bailout; or ransomware attacks on distressed firms could have disrupted the due diligence needed to ensure they could be bought, closed or saved,” explains the report.
Finally, initiated attacks are cyberattacks that actually cause a financial crisis. The aim of these types of attacks is to cause maximum economic harm by triggering market instability. Such attacks are highly sophisticated and require a high level of expertise. Consequently, they are more likely carried out by rogue nations or state-backed cybercriminal groups.