The Reserve Bank of Australia has highlighted cyber attacks as being a challenge for financial institutions. The report stated:
The Australian financial system has remained resilient through a tumultuous year for the economy and financial markets.
After a substantial decline in the first half of 2020, banks’ profitability recovered in the second half and analysts expect it to strengthen further in 2021. This has helped raise banks’ capital positions from already strong levels. Banks have abundant liquidity and funding. Measures of banks’ asset quality have deteriorated a little in recent months as loan repayment deferrals have come to an end and support for households and businesses has tapered. However, banks had increased their provision balances to absorb the impact of future defaults.
Available information also points to other financial institutions being resilient. The financial impacts of the pandemic tested the liquidity management of superannuation funds, but their systems proved effective in navigating this challenge (see ‘Box C: What did 2020 Reveal about Liquidity Challenges Facing Superannuation Funds?’). General insurers remain well capitalised and have increased their provisions for potential business interruption claims arising from the pandemic. However, the life insurance industry has to address longstanding issues that continue to result in losses. Financial market infrastructures have recently experienced some operational disruptions, underscoring the importance of continually assessing and improving their resilience.
There are a number of other longer-term challenges for financial institutions to manage. The risks posed by information technology (IT) malfunctions and malicious cyber attacks are growing and a significant event could threaten financial stability. Another challenge will be to manage the broad range of risks arising from climate change. These do not currently pose a substantial risk to financial stability, but they could over time if climate change risks to Australian financial institutions grow and are left unaddressed. And financial institutions need to continue to maintain a focus on governance and embed a healthy culture to address the misconduct that has become apparent over the past few years.
…………
Financial institutions need to carefully manage technology risks …
Risks to financial institutions’ IT systems – from both malicious attacks and malfunction – require ongoing attention and robust management, both globally (see ‘Chapter 1: The Global Financial Environment’) and domestically. These risks have grown as digital platforms and service channels become more ingrained and more complex and as a result of the increased incidence of remote working arrangements. They have recently been highlighted by a data breach involving a legacy file sharing service run by Accellion, a third-party technology provider, which affected a wide range of entities including ASIC and the Reserve Bank of New Zealand. The operational disruptions experienced by ASX in November (discussed above) also demonstrate the risks associated with technology malfunction. The constantly evolving nature of cyber risks means it is critical that financial institutions regularly update and upgrade their defences. In recognition of this, Australian regulators have a number of initiatives to support financial institutions’ efforts to strengthen cyber resilience (see ‘Chapter 4: Domestic Regulatory Developments’).
Cyber attacks and incidents are most likely to involve manageable financial losses for specific institutions, but they could have systemic implications in certain circumstances. To be systemic, the impact of cyber attacks and incidents would have to affect multiple institutions, either directly or indirectly. This could occur if they affect third-party providers or software used widely across the financial system. Similarly, if such an incident affected critical nodes, such as an FMI (including payment systems or CCPs) for a prolonged period it could directly impact the ability of firms and households to engage in economic activity and manage risk. The integrity of data is particularly important since it dictates the ability of banks to disburse funds or collect on monies due and, in the extreme, if violated it could raise questions about the institution’s solvency. More generally, any data breaches that cause consumers and creditors to lose confidence in the security of the financial system could see banks face liquidity challenges.
(Emphasis added)
What the RBA is saying is of course true. It has been said before. What is lacking is Read the rest of this entry »