RBA flags ‘inevitable’ significant cyber attack on financial institutions

RBA flags ‘inevitable’ significant cyber attack on financial institutions

Comes as cyber incidents affecting the financial industry are on the rise.

Credit: RBA

The Reserve Bank of Australia (RBA) has warned that a significant cyber attack on a financial institution is “inevitable”, potentially providing managed security service providers (MMSP) with the opportunity to assist.

In the central banking authority’s Financial Stability Review report for October, the RBA claimed the number of cyber attacks on financial institutions is on the rise, coinciding with the increase of remote working and electronic financial services during the pandemic. 

One opportunity for MSSPs lies in the protection of financial institutions' confidential information, as the report said if such information was compromised, this could "lead to severe reputational damage and reluctance from market participants to extend liquidity or credit".  

Additionally, the overall financial system's level of interconnectedness also has the potential to transmit cyber incidents from one chain to another, the report claimed. As such, MSSPs could be introduced to reduce the overreliance on such systems.

“For example, several banks may rely on real-time payments from a major participant in the wholesale settlement system, which if incapacitated for a prolonged period of time could put pressure on intraday liquidity," the report said. 

"In addition, an inability to substitute away from a key institution or service provider could cause severe operational disruptions at other institutions along the supply chain.” 

This is despite the Bank claiming that large financial institutions typically have strong cyber security measures. 

“Given the very large number of attacks, it seems almost inevitable that at some point the defences of a significant financial institution will be breached," the report said. 

“Whether such an attack could result in systemic financial instability will depend not only on the part of the financial institution or system impacted and potential network effects, but also the cyber resilience of that institution and financial system.” 

Those "very large number of attacks" are backed up by findings from the Australian Cyber Security Centre’s (ACSC) Annual Cyber Threat Report 2020-21, which stated in the last financial year, cyber incidents affecting the Australian financial industry had a larger impact than the financial year prior. 

Additionally, it had received over 67,500 reports of cyber crime, a rise of 13 per cent year-on-year, with self-reported financial losses totalling more than $33 billion.  

Cyber attacks also have the potential to compound the severity when combined with other issues, the report stated. 

“Failures of culture and appropriate governance can encourage excessive risk-taking and poor decision-making practices, leading to the erosion of public trust in financial institutions,” it added. 

“Such failures, including when interacting with other vulnerabilities (such as climate change and cyber risks), could have serious financial implications.” 

The RBA's stance on improving cyber security follows its moves to upgrade various elements of its technology stack over the last two years, which include its financial messaging standardisation system in May 2020 and to overhaul its Cisco data centre in January 2020.

It also sided with fellow regulator the Australian Securities and Investments Commission (ASIC) on applying insights provided by IBM on improving the Australian Securities Exchange (ASX) following a review into the latter's trading platform outage on 16 November.

Follow Us

Join the newsletter!


Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

Tags RBAReserve Bank of Australia

Show Comments