Skip to Content

Central banks security an uncomfortable unknown as cyberattacks increase

Central banks security an uncomfortable unknown as cyberattacks increase

Central banks security an uncomfortable unknown as cyberattacks increase

YARMOUTH, Maine – As data breach becomes a daily occurrence across every connected industry, experts look nervously to central bank financial institutions for potential damage to international finance.

On September 14 the Bank for International Settlements (BIS) produced a working paper titled “Cyber risk in central banking” that examines the readiness and stance of those institutions as cyber crime grows. “While there have been several studies and surveys on cyber threats for the private sector – and firms in the financial sector in particular – little is known about central banks' assessment of cyber risk.” The report asserts.

In the second quarter of 2022 alone, there were roughly 52 million data breaches worldwide. Between losses and potential blackmail, the average cost of a single data breach averages out to $4.35 million dollars. In 2021 the BIS conducted a survey of 21 members in the central bank community to get an overview on the cyber risk assessment for these institutions. “It examines the following questions: What are central banks' main cyber concerns, and how do they see the threat landscape? What measures do they take to pre-empt or counter cyber attacks? And how do they assess the risks to and the readiness of the financial sector at large?” researchers wrote.

In their findings they reported that the banks see phishing and other social engineering as the most likely type of attack due to its broad range. Emerging Market Economies are less likely to be concerned about attacks against their supply chain versus their counterparts, however. “Costs from cyber incidents are multifaceted: central banks in AEs and EMEs alike assessed the financial loss from a cyber attack as significant, but the possible operational impact and associated reputational considerations (eg trust in the central bank or payment system) score as even higher concerns.” The paper states. Both banking groups agree that one of the main drivers of the attacks register from organized crime, Although EMEs are more concerned with activists where AE’s see the influence of state sponsored actors.

Of note the paper finds that since 2020 cybersecurity budgets for central banks have increased by 5%. Nearly a quarter of EME’s have increased their budget of upwards of 20% in that time, and more worryingly, one third of AE’s have not seen any changes in their budget. Given the rise of remote work and cloud-based computing in the past few years the need for enhanced security practices is evident.

The conclusion that most replies to the survey ultimately make is that at current the central banking system is unprepared for what’s happening. “Generally, respondents judge the preparedness of the financial sector for cyber attacks to be inadequate. While central banks in most EMEs provide a framework for the collection of information on cyber attacks on financial institutions, less than half of those in AEs do.” The paper concludes saying that cooperation among public authorities would go a long way to help improve the ability of central banks to respond to cyberattacks. “Finally, by providing a platform for collaboration between central banks, regulatory authorities, financial institutions, technology firms and cyber security experts, the BIS Innovation Hub aims to facilitate the development of specific projects to limit cyber threats for central banks and the broader financial sector.”

You can read the full working paper online at


To comment on this post, please log in to your account or set up an account now.