Cyber Incident Costs Prove Elusive, But Significant
A recent report has highlighted the difficulty of establishing the exact costs of cyber incidents, but estimates suggest that they can be substantial. For instance, the average annual cost of cybercrime to firms in the banking and insurance industries in 2018 was estimated to be:
- US$18 million for banks
- US$16 million for insurance companies
In New Zealand, a study found that the average annual expected loss from cyber incidents in the banking and insurance sectors could be 2-3% of net profits per year, with a 5% chance that costs could exceed 25% of net profits.
However, these figures only account for publicly known incidents that have been contained. The potential costs associated with a systemic cyber incident are likely to be much higher.
Institutional Resilience
Fortunately, the financial sector has made significant strides in bolstering its resilience to cyber threats. Regulatory bodies and institutions have devoted more resources to cybersecurity, developing compliance frameworks and investing in IT skills.
- Banks have increased their investment in managing cyber risk
- Crisis management teams have been established and simulation exercises held to test the response to attacks
- The Council of Financial Regulators (CFR) has developed a domestic cyber-attack protocol to coordinate efforts during significant threats or attacks
Financial Market Infrastructures
The cyber resilience of financial market infrastructures (FMIs), such as high-value payment systems, central counterparties and securities settlement facilities, is critical given their role in the smooth functioning of specific parts of the financial system. The Australian Government and regulators are working to increase their resilience through initiatives such as:
- Regular assessments
- Identifying areas for improvement
Global Regulatory Coordination
The borderless nature of cyber risks requires a coordinated effort across jurisdictions to identify risks, promote resilience, and respond to international disruptions. Examples of this work include:
- Joint response protocols with agencies in New Zealand
- Guidance on oversight of financial institutions’ reliance on critical service providers
- Simulated cyber-attack exercises on the global financial system
As the world continues to grapple with the complexities of cybersecurity, it is clear that a coordinated effort across industries and jurisdictions is necessary to mitigate the risks associated with cyber incidents.