While fears about macroeconomic climate remain the single biggest risk factor for banks globally, for bankers in North America and the U.K. the threat from ever more sophisticated cyberattacks ranks above regulation, political interference and credit risk as the No. 1 threat to the industry.
In its annual Banking Banana Skins survey -- conducted by PricewaterhouseCoopers LLP -- the Centre for the Study of Financial Innovation (CSFI) says that criminality has shot up to second position in global risk factors in 2015 from ninth position in 2014 and the reason for the rapid rise is the increased threat from cybercrime.
"Tax evasion and money laundering are two threats that can be managed and controlled. Cyberattacks are a different animal," said an industry observer in the U.S. The threat is so great that some believe a single cyberattack could bring down a bank. Simon Samuels, a banking consultant in the U.K. and previously managing director of Barclays, said: “We may at some point see a cyberattack so powerful on an individual bank that it has the power to bring down the institution, necessitating a state bailout.”
The threat to banks is not a hypothetical one. In 2014, we saw a major data breach at JPMorgan Chase & Co. where information from over 83 million accounts was compromised. Earlier this year, HSBC also revealed to some of its mortgage customers that hackers had stolen their personal information. Just this week, security company FireEye published a report, which detailed the actions of a highly sophisticated Russian cybercrime gang who are targeting financial institutions to steal payment card data.
The CFSI study reveals that an underinvestment in “creaking technology systems” by banks means they are on the back foot while criminals become more numerous, sophisticated and audacious. A respondent in the U.S. said: "Cybercriminals work 24 hours a day and 7 days a week, and don't have to pay taxes on their gains. The industry is very vulnerable." A banker in New Zealand added that “billions are lost annually in these types of attack," while an industry observer in the U.K. warned that “cyberattack on key financial infrastructure could paralyze key activities -- such as interbank payments -- for some days."
The survey polled 672 bankers, regulators and close observers of the banking industry in 52 countries and while respondents in the U.S. and the U.K. put the threat from criminality as their No. 1 risk factor, respondents around the globe recognize the seriousness of the cybercrime threat. “Cyber theft will only grow and at least one bank will fail in the next 10 years as a result,” a chief financial officer in Singapore said.
However, a minority of respondents appeared to see the threat from cybercrime as nothing more than a passing scare. Five people gave the risk from criminality a score of one out of five, with some saying that just like the Y2K bug, this was not a credible threat to the security of their organizations.