Cyber incident cost estimates and the importance of building resilience

Cyber incident cost estimates and the importance of building resilience

February 25, 2020

Cyber-attacks could cost New Zealand’s financial sector more than $100 million a year on average according to a new Reserve Bank bulletin article, highlighting the need for industry resilience to counter these threats.

Part of an expanding programme of work on risks to the financial system, Cyber incident cost estimates and the importance of building resilience examines the financial sector’s resilience to cyber threats and estimates the potential costs to the country’s financial system, using two internationally recognised methods.

The authors Aria Zhang, Rosie Collins, and Cavan O’Connor-Close estimate an indicative average cost of cyber incidents of $104 million a year for the banking sector and $38 million annually for the insurance sector, or the equivalent of 2-3 percent of annual profits for the two industries.

The modelling also indicates that in any given year there is a 5 percent chance the costs could exceed $2.3 billion a year.

While quantifying these costs is difficult, the findings indicate the financial cost has the potential to be significant. The study did not capture any additional costs such as the possible loss of confidence in the financial system.

The country’s cyber-security agency CERT NZ found more than 60 percent of cyberattacks on New Zealand organisations in 2018 targeted firms in the financial and insurance services sector.

With the frequency and severity of cyber security incidents on the rise, the study highlights the importance of the financial sector remaining vigilant and managing cyber risks effectively.

The Reserve Bank is strengthening its efforts to enhance the resilience of the financial system from cyber threats, including developing risk management guidance and promoting information-sharing in collaboration with industry and other public organisations.

Login To MyTis Comment Or Register to MyTIS

Notify of
Inline Feedbacks
View all comments


Register now to receive the latest news and information for global trading industry.

Latest Articles

MAS Speech Regulatory Framework

CAD, MAS and ACRA Commence Joint Investigation into Hyflux

The Commercial Affairs Department (CAD) of the Singapore Police Force, the Monetary Authority of Singapore (MAS) and the Accounting and Corporate Regulatory Authority (ACRA) have launched a joint investigation into …

Would love your thoughts, please comment.x