The president of the European Central Bank (ECB), Christine Lagarde, has gone on record to warn that a cyber-attack on a major financial institution could trigger a liquidity crisis.
According to a report in the Independent newspaper, ECB president Christine Lagarde has warned that a well-organized cyber-attack on major financial institutions could lead to a financial crisis. During a speech in France on February 5, Lagarde is reported as saying that operational outages that encrypted or destroyed balance accounts at a major bank could trigger a liquidity crisis. “History shows that liquidity crises can quickly become systemic crises,” Lagarde said, adding, “The ECB is well aware that it has a duty to be prepared and to act pre-emptively.”
Referring to a European Systemic Risk Board (ESRB) report that estimates the global cost of cyber-attacks at anything up to $654 billion (£507 billion), Lagarde said that “As an operator of critical infrastructures, the ECB obviously takes such threats very seriously.”
The ECB is no stranger to the cyber-attack risk. In August 2019, I reported how hackers had breached security measures of the Banks’ Integrated Reporting Dictionary (BIRD) website.
While it would be nice to think that banks and other financial institutions are immune to the kind of cyber-attack that Lagarde references, where data is destroyed or encrypted, it would be foolhardy to take that for granted. After all, we have already seen institutions such as the United Nations fall victim to a “serious cyber-attack” at the end of last year, and the City of New Orleans declared a state of emergency following a cyber-attack. The New Orleans incident is perhaps most worrying as it involved precisely the kind of attack I assume that Lagarde is talking about when she mentions data being encrypted, namely ransomware. While not being a “major financial institution,” the Travelex international foreign currency exchange was hit by ransomware attackers recently, and it took many weeks before it recovered fully.
“The recent Travelex ransomware attack highlighted the ease at which taking out one organization can in fact knock on into other companies,” Jake Moore, a cybersecurity expert at ESET, said.
All of which, in the context of a coordinated and likely nation state-controlled attack, could cause the type of liquidity crisis that Lagarde warned history shows “can quickly become systemic crises.” The Independent report reveals that at the most recent meeting of the ESRB board, cyber warfare had been identified as a “source of risk to the financial system.”
“There will always be a cyber risk posed to the financial industry due to the vast amounts at stake, but this risk is managed to the highest capacity,” Moore said. Suggesting that companies working together build better defenses and see a lowering of the potential risk, Moore said, “When a bank heist is attempted, it is best to share the attack vectors within the industry to learn from best practice and create stronger security.”