The online threat against Australia's big banks could pose a systemic risk
A successful cyber attack on one of Australia’s major banks is “almost inevitable,” the Reserve Bank has warned. Such attacks could put trillions of dollars in deposits and loans at risk.
In its latest Financial Stability Review, the RBA warned of the near-inevitability of a major cyber attack that defeats banks’ technological defences, according to a report by The Sydney Morning Herald. The number of cyber attacks – including attacks on financial institutions – has spiked over the last year and a half as staff worked from home during the COVID-19 pandemic and the demand for digital services has increased.
The banks hold about $1.2 trillion in deposits from households and are owed more than $1.8 trillion in investment and home mortgage debt, the Herald reported. The finance sector is the largest contributor to the nation’s economy.
The RBA acknowledged that large companies like banks can devote significant resources to cyber defence, but said the rising number of cyber attacks is still a major cause for concern.
“[Given] the very large number of attacks, it seems almost inevitable that at some point the defences of a significant financial institution will be breached,” the central bank said in its review. “Whether such an attack could result in systemic financial instability will depend not only on the part of the financial institution or system impacted and potential network effects, but also on the cyber resilience of that institution and financial system.”
The RBA said that financial institutions and regulators both in Australia and abroad are working on strengthening the resilience of individual institutions and financial systems as a whole to “a substantial cyber attack.”
The central bank warned that independent cyber criminals and state-sponsored hackers were becoming increasingly sophisticated, prompting regulators and businesses to work together more closely, the Herald reported. There have been relatively few cyber attacks leading to serious disruption and financial loss in Australia, but incidents increased in 2020-21.
“While the impact of incidents to date has been limited, given the large number of attempts, a significant cyber event that has the potential for systemic implications is at some point inevitable,” the RBA said. “A resulting loss of public confidence could lead to widespread stress in the financial system.”