EDITOR NOTE: Banks are generally well prepared for your average cyberattack. A single attack may lead to some downtime, a small loss in revenue, and maybe even a ransomware payment. The banking industry as a whole, though, is not prepared for systemic cyber events. These types of focused, coordinated attacks, often supported or even perpetrated by foreign governments, could cripple the approximately 4,900 banks that make up the U.S. banking sector, representing $1.1 trillion in total revenues. If systemic cyber events ever hit the technology connecting a network of banks, it could be catastrophic and set off a chain reaction that takes down the whole U.S. banking system. A growing list of experts, including Jay Powell, Joe Biden, Warren Buffet, Klaus Schwab, and now Fitch Ratings Agency, believe Cyber Risks are the biggest threat to our society. So why is our government rushing to digitize everything? The largest hack-attack for $600 million just took place today, and the world barely took notice. What happens if that attack were on your bank? Private ownership of physical non-CUSIP gold and silver is an urgent matter! Call us at 800-474-9159.
Fitch Ratings-London/Chicago/New York-10 August 2021: U.S. banks are generally well positioned to handle average modeled cyber risk losses; however, tail events from a systemic cyber risk event can be material, according to a new Fitch report, “Quantifying U.S. Bank Systemic Cybersecurity Risk.”
The financial impact of a cyber event often centers around the reported remediation, or in the case of ransomware, the requested ransom payment. But, the financial cost from a cyber event is likely to extend well beyond just headline figures. Additional costs from these tail events can include data restoration, investigation and response, regulatory legal fines, and brand damage. Cyber risk insurance can mitigate some of these costs.
Fitch collaborated with CyberCube, a leading cybersecurity quantification company, to model the impact of systemic cyber events on the U.S. banking sector under various cyber risk scenarios. CyberCube’s model focuses on “single points of failure” (SPoF) for cyber incidents that could impact parts of the US banking system. SPoFs are technologies (e.g. operating systems, cloud service providers etc.) for which connectivity and dependencies are identified by bank. A cyber attack on a particular SPoF may have a cascading impact on the identified connected banks.
The infection of a SPoF is a force multiplier creating significantly larger footprints of compromise than in traditional attacks that infect one bank or system at a time. “Systemic cyber risks are as important to analyze as idiosyncratic cyber risks,” said Fitch Managing Director Christopher Wolfe. “Cyber risk is evolving into broader aggregations and concentrations within the vendor management and supply chain. An incident at a single critical third- or fourth-party vendor could lead to significant business interruption losses,” said Wolfe.
For the purpose of this research, Fitch and CyberCube analyzed the entire U.S. banking sector of approximately 4,900 banks with over $1.1 trillion in total revenues. This portfolio went through CyberCube’s proprietary model to quantify the potential impact of cybersecurity incidents on the US banking industry over a one-year period.
“Our work with Fitch has identified the top threat scenarios for the U.S. banking, and the repercussions a cyber risk might have on an individual bank,” said Souki Chahid, CyberCube Principal Product Advisor. "A greater understanding of the inherent risks faced by the banking sector will support banks in their decision-making with regards to their insurance purchasing and their operational risk."
This analysis complements Fitch’s initial report on “Exploring Bank Cybersecurity Risk,” published in April. That report evaluated individual bank vulnerability to a cybersecurity risk through the lens of cyber risk scores, whereas this analysis assesses the potential aggregate impact on the industry in the event of a cyber incident.
The report highlights five key findings from the analysis: a comparison of banks by size and their exposure to systemic cyber risks, an analysis of the average annual loss for the industry, a review of the five scenarios generating the largest modeled losses, performance of rated banks by modeled losses, and the difference in purchasing of cyber insurance at large versus small banks.
CyberCube delivers leading cyber risk analytics for the insurance industry. With advanced data access and multi-disciplinary analytics, the company’s cloud-based platform helps insurance organizations make better decisions when placing insurance, underwriting cyber risk and managing cyber risk aggregation. CyberCube’s enterprise intelligence layer provides insights on millions of companies globally and includes modeling on thousands of points of technology failure.
Original post from Fitch Ratings