Cybersecurity and geopolitical risks in financial markets

Cyber-attacks cause damage on multiple levels. The most immediate impacts are where victims incur direct losses such as stolen funds, ransom payments, as well as the costs associated with restoring compromised systems. However, the full picture only emerges when considering indirect costs, such as brand damage, client attrition, legal liabilities, insurance premium hikes, and regulatory fines (OECD, 2022[1]). Over time, these indirect costs may exceed the initial financial loss, as reputational harm erodes stakeholder trust and increases the cost of capital. Event-study evidence suggests that publicly disclosed breaches can depress firm valuations and increase the perceived cost of capital, underscoring that reputational losses can be economically material (Kamiya et al., 2021[14]). Beyond the individual institution, systemic risks arise when cyber incidents spread disruptions across interconnected networks, undermining market functioning and policy effectiveness (European Systemic Risk Board, 2020[41]; ECB, 2022[42]; IMF, 2024[11]).

The financial sector’s complexity and interdependencies mean that damage can propagate rapidly. For instance, a successful infiltration of a major bank’s payment systems might delay settlements, freeze liquidity, and prompt counterparties to withdraw or withhold funds, amplifying market strains. Prolonged system outages could lead to higher collateral requirements, intraday liquidity shortfalls, and even margin calls, ultimately increasing credit risk and volatility (IMF, 2024[11]).

Recent empirical research highlights that cyber and operational disruptions can have systemic properties under some circumstances. Cyber incidents may propagate through shared technology providers and financial linkages, generating contagion and liquidity stress even for institutions that are not directly compromised. Moreover, bank-focussed evidence suggests that cyber-attacks can affect intermediation conditions, including deposit dynamics and credit supply responses. Bank-level evidence further suggests that cyber incidents can be followed by deposit outflows and weaker lending, pointing to a credit-supply channel through which operational disruptions affect the real economy (Boungou, 2023[43]). These findings support the broader policy concern that operational and cyber risk should be treated as potentially systemic rather than purely idiosyncratic. A growing literature emphasises that operational risk losses can be more correlated and systemic than traditionally assumed, reinforcing the case for treating cyber risk as a macroprudential concern (Kotidis and Schreft, 2025[6]; Boungou, 2023[43]).

Cyber‑attacks pose their greatest threat to financial stability when their effects propagate across institutions and markets, creating system‑wide disruptions that extend beyond the initially affected entities. Interconnectedness ensures that no institution operates in isolation. Clearinghouses, central securities depositories (CSDs), custodian banks, settlement systems, and data aggregators all rely on secure data flows and timely execution of financial contracts. A cyber incident affecting a crucial node could disrupt payment and settlement chains, delay the processing of trades, and prompt precautionary liquidity hoarding by market participants. Such responses compound stress, potentially leading to liquidity freezes and fire sales of assets (IMF, 2024[11]).

The systemic implications can extend to the broader economy. If financial institutions struggle to facilitate credit flows or manage risk transfer effectively, businesses and households may face higher borrowing costs, reduced credit availability, and a less stable investment environment. Over time, diminished trust in the financial infrastructure could reduce the overall efficiency of resource allocation, ultimately harming productivity and growth. Models developed by central banks and multilateral organisations suggest that severe, simultaneous cyber incidents could significantly impact GDP growth, especially if they coincide with broader geopolitical tensions (IMF, 2024[11]).

Financial authorities are increasingly employing scenario analysis and cyber stress testing to quantify and anticipate potential damages. By simulating targeted attacks on critical payment or settlement systems, regulators and institutions can identify vulnerabilities, gauge potential liquidity shortfalls, and estimate the time required to restore normal operations. These exercises often incorporate assumptions about attackers’ capabilities, institutional response times, and the availability of backup systems (BIS, 2014[44]; ECB, 2018[45]). Quantitative assessment frameworks also stress modelling loss distributions, downtime, and network spillovers to support macroprudential cyber stress testing and to compare resilience investments across scenarios (Eisenbach, Kovner and Lee, 2022[4]; Bouveret, 2018[46]).

Advanced modelling techniques now integrate macro-financial feedback loops. For example, a cyber incident shutting down a major trading platform might initially trigger direct losses and lost fee revenue. Subsequently, delayed settlements could prompt collateral calls and risk aversion among investors. This shift in behaviour might depress asset prices, further weakening institutional balance sheets and raising broader financial stability concerns. Through iterative simulations, policymakers can design more resilient frameworks, consider mandatory backups or redundant systems, and evaluate the costs and benefits of various preventative measures (BIS, 2014[44]; ECB, 2018[45]).

Emerging technologies are reshaping both the nature of attacks and the potential scope of damage. AI-enabled attacks can be tailored to specific institutions, potentially increasing success rates and complicating detection. As attackers become more effective in breaching defences, the average size and complexity of damage may rise. In the event that quantum computing undermines current cryptographic methods, attackers could potentially decrypt financial data accumulated over several years. Such a breach would risk exposing trade secrets, confidential client information, and sensitive governance data, potentially leading to significant reputational and systemic harm (OECD, 2024[7]; 2022[1]). Due to data limitations and the time‑lagged nature of indirect effects, recent studies are turning to market-based indicators, such as stock price reactions, to estimate the broader economic impact. This trend reflects a wider shift towards risk-based frameworks that incorporate both micro- and macro-level perspectives (IMF, 2024[11]; Vergara Cobos et al., 2024[47]).

The diffusion of emerging technologies including AI-enabled automation, cloud and third‑party reliance, and API‑based interoperability, reshapes not only the attack surface but also the speed and breadth of shock transmission, raising the likelihood of market amplification (OECD, 2021[20]). While earlier assessments often centred on idiosyncratic, ex‑post losses and recovery costs, technology‑driven interconnectedness can translate operational disruptions into rapid repricing, higher volatility, liquidity withdrawal, and increased margin/collateral demands (OECD, 2022[1]). As reliance on common service providers and critical nodes grows, a single incident can generate synchronised risk‑off responses and cascade effects even among institutions that are not directly compromised.