Investor concerns about the pandemic are fading. All eyes are now on the burgeoning threat of cyber-attacks, and what they mean for financial system stability.
The Depository Trust and Clearing Corporation (DTCC) risk barometer was launched in 2013, and provides a handy insight into what’s worrying investors in any given year.
And after two years of pandemic conditions and geopolitical tensions, the focus is increasingly turning to the burgeoning risk of cyber-attacks, with 59 per cent of respondents including it in their top five risks.
“The complexity of the financial services industry, the interconnectedness of individual players, and the introduction of new and innovative technologies further heighten the risk of a large-scale cyber-attack on the financial sector,” said Stephen Scharff, DTCC chief security officer on cyber risk. “That’s why cybersecurity and resilience initiatives are never complete. We must continually assess our security measures against the risks we face.”
Days before 2021, the Reserve Bank of New Zealand was hit with a cyberattack launched through a vulnerability in third-party file-sharing software Accellion FTA, which allowed attackers to spirit away customer information around credit details and personal email addresses. The Reserve Bank of Australia (RBA) has devoted significant time and ink over the last few years to assessing the possibility of similar attacks being carried out against Australian financial institutions.
While Australia’s large financial institutions tend to be better prepared than their global peers, the volume of attacks has increased – partly as a result of the move to remote working – and the RBA believes it is “almost inevitable” that their defences will be breached at some point.
“A resulting loss of public confidence could lead to wide-spread stress in the financial system. Compromised confidential information could lead to severe reputational damage and reluctance from market participants to extend liquidity or credit,” the RBA wrote in its Financial Stability Review in October.
“The increased level of interconnectedness in the financial system – including through a network of third-party service providers, critical FMIs, lenders and counterparties – could rapidly transmit the impact of a cyber incident from one institution to another.”
The potential implications of a more sophisticated attack were on show in Australia in late 2020 when the ASX shut down as a result of a glitch. While a cyber-attack wasn’t the cause, the chaos the outage sowed in markets in the days afterwards is testament to the damage such disruption can wreak.
Interestingly, the number of investors who consider pandemics a threat has substantially decreased; for them, the storm has clearly passed, despite the continued emergence of variants like delta and omicron. The attention has now turned to central bank policy – namely, the possibility that inflation is not as transitory as it seems (as Federal Reserve chair Jerome Powell recently conceded) and that keeping rates lower for longer will only inflate the asset price bubble.
“Central banks face a difficult balancing act, as they need to manage inflation in a way that allows the postpandemic recovery to continue, while simultaneously addressing rising concerns around record debt levels and stretched asset valuations,” said Michael Leibrock, DTCC chief systemic risk officer and head of counterparty credit risk.
“The combination of these circumstances creates a macroeconomic environment in which a relatively small shock could have disruptive consequences on both financial markets and the real economy.”
Geopolitical risks and climate change continue to worry investors, particularly with the ongoing sabre-rattling between China and the US. Australia has had its own sparring sessions with the superpower – one of our largest trading partners – mostly focused in the arena of trade, though the recent signing of the AUKUS defence treaty (a trilateral agreement between Australia, the United States and the UK) has created another potential flashpoint.
Of course, it’s usually the risk that people aren’t thinking about that wipes you out; the possibility of a global pandemic didn’t rate a mention in 2019’s edition of the risk survey, when most of the focus was on the ramifications of Brexit and burgeoning geopolitical tensions in areas like the Middle East and China. But that’s always the case with ‘Black Swans’. Perhaps that particular risk will be included in next year’s survey.
Lachlan Maddock is contributing editor to Investor Strategy News (Australia)