Could a cyberattack cause the next financial crisis?

As bushfires rage, ice caps melt and biodiversity collapses, we would all be forgiven for finding less and less time to worry about the threat posed by cyber warfare.

But, as the head of the ECB Christine Lagarde reminded us, that threat is very real and could even trigger the next global financial crisis.

We’ve seen an increasing number of attacks on companies this year with Travelex being the latest high-profile victim. Thousands of customers were left without access to their holiday money after hackers highjacked the foreign exchange firm’s computer systems, encrypted all of its data and demanded a ransom.

However, such incidents are largely down to companies storing increasingly valuable troves of customer data behind increasingly outdated or inadequate security; a bit like keeping a few gold bars in a padlocked shed. You can’t really complain when they go missing.

Travelex had been warned months before it was hit that its networks were vulnerable to the specific kind of attack that it fell prey to. It’s since worked overtime to limit and rectify the damage.

Travelex is far from being alone and attacks are becoming much more frequent. According to insurance company Hiscox, 61 per cent of companies were hit by hackers last year, up from 45 per cent the year before. The average cost of attacks also soared from $229,000 to $369,000.

Cybercrime cost the world $1 trillion in 2017, equivalent to around a third of the UK’s entire annual economic output and more than triple the bill for natural disasters, according to consultancy firm Olver Wyman.

Targeting of cyber attacks on organisations deemed to have done wrong – “hacktivism” – is also on the rise.

Perhaps most concerning is the increasing prevalence of state-backed hackers such as those that interfered in the 2016 US presidential election allegedly on behalf of Russia – and are likely to attempt something similar this year.

Some of the biggest recent attacks have been from North Korea’s state-sponsored groups, which the UN reckons made off with some $670m between 2015 and 2018.

Cyberattacks are believed to be conducted by a specialised corps within the North Korean military and form an important part of government policy.

But how might all of this escalate to the apocalyptic level that Lagarde envisages?

Cyberattackers are increasingly shifting their focus from extorting or stealing money to disrupting critical infrastructure which threatens to undermine confidence in the financial system.

According to Oliver Wyman’s report, a likely scenario would involve a rogue nation or terrorist group targeting banks, investment funds, the ATM network, the interbank messaging network known as Swift, or even the US Federal Reserve itself.

The damage could be substantial, the report warns. Cash machine networks could freeze, credit card and other payment systems could fail across entire nations, as happened to the Visa network in the UK in 2018.

“Online banking could become inaccessible: no cash, no payments, no reliable information about bank accounts. Banks could lose the ability to transact with one another during a critical period of uncertainty. There could be widespread panic, albeit temporary.”

This outcome can be averted, the report says, but it requires the financial services industry to coordinate its strategy and practice its collective response in advance in order to stop the system as a whole breaking down, as it did in 2008.

Regulators also need to coordinate across international boundaries to a degree that they have not always previously managed.