On September 14, the Bank for International Settlements (BIS) published a Working Paper Cyber risk in central banking. In a context of increasingly frequent and sophisticated cyber attacks, the report sheds light on perspectives from the central bank community.
A successful cyberattack could lead to financial system failure, monetary and reputational cost, among others. The principal concerns for central banks include phishing / social engineering, ransomware and supply chain attacks.
Among the central bank respondents, few agreed that the financial sector is adequately prepared for cyber risks and the majority thought spending was too little.
Since 2020, most respondents increased spending by 5-10% in IT and main investment areas included security controls, business continuity and training staff. Respondents also highlighted priorities in developing incident response plans and integrated operational risk management. Skills shortage and third-party management also are key priorities.
Cooperation with other organisms for sharing intelligence and best practices will help central banks develop cyber programs that reduce cyber risks for central banks and develop resilience in the financial sector.