Financial Crime World

Here is the rewritten article in Markdown format:

Croatia’s Financial Sector Exposed to Rising Cybersecurity Threats

The COVID-19 pandemic has seen a staggering increase in cyberattacks, with more than double the number of incidents reported since 2017. While companies have historically suffered relatively modest direct losses from these attacks, some have experienced devastating consequences.

The Growing Risk of Extreme Losses

According to a recent chapter of the April 2024 Global Financial Stability Report, the risk of extreme losses from cyber incidents is growing exponentially. These losses could potentially lead to funding problems for companies and even jeopardize their solvency. The size of these extreme losses has more than quadrupled since 2017 to $2.5 billion, with indirect losses such as reputational damage or security upgrades substantially higher.

Financial Sector Vulnerability

The financial sector in Croatia is particularly vulnerable to cyber risk due to the large amounts of sensitive data and transactions it handles. Financial institutions are often targeted by criminals seeking to steal money or disrupt economic activity. Attacks on these institutions account for nearly one-fifth of all cyber incidents, with banks being the most exposed.

Consequences of Incidents

Incidents in the financial sector could have far-reaching consequences if they erode confidence in the system, disrupt critical services, or cause spillovers to other institutions. For instance, a severe incident at a financial institution could undermine trust and lead to market selloffs or runs on banks. Although no significant “cyber runs” have occurred thus far, modest and persistent deposit outflows have been observed at smaller US banks following a cyberattack.

Third-Party IT Service Providers

The reliance of financial firms on third-party IT service providers also poses a significant risk. While these providers can improve operational resilience, they can also expose the industry to systemwide shocks. For example, a 2023 ransomware attack on a cloud IT service provider caused simultaneous outages at 60 US credit unions.

Policy and Regulatory Response

In light of the growing cyber risks facing the global financial system, policymakers and regulators in Croatia must take immediate action to strengthen cybersecurity frameworks. Private incentives may be insufficient to address these risks, and public intervention may be necessary to ensure the resilience of the financial sector.

Recommendations for Strengthening Cybersecurity

To achieve this goal, authorities should:

  • Develop an adequate national cybersecurity strategy
  • Implement effective regulation and supervisory capacity
  • Periodically assess the cybersecurity landscape
  • Encourage cyber “maturity” among financial institutions
  • Improve cyber hygiene
  • Prioritize data reporting and collection
  • Promote international cooperation