Could a Cyber-Attack Cause the Next Financial Crisis?

While many economists are on recession watch, others are focusing on the risk of a co-ordinated cyber-attack

David Brenchley 6 March, 2019 | 3:45PM

Cyber-attack, cyber security, financial crash, economic crisis

As the current US economic expansion creeps towards its 10-year anniversary, the longest on record, economists and other industry commentators remain on recession watch.

While a recession at some point is an inevitability, other economists are focusing their time on the potential for an even bigger event: the next major adverse economic shock.

History suggests there are a few predictors of recessions, the number one being an inversion of the US yield curve. Generally, when the yield on a two-year US Government bond rises above that of the 10-year paper, a recession follows within the next 24 months.

Recessions can be mild, though. More likely, the next major hit to the global economy will be caused by a Black Swan event – something no-one sees coming. A decade ago, that came in the form of the subprime mortgage crisis in the US, before that it was the dotcom boom and subsequent bust.

By definition, a Black Swan event is unpredictable; that doesn’t stop commentators speculating which form the next one will take. The most recent suggestion is that it will emanate from a cyber-attack.

Technology has become so pervasive in the global economy that it regularly tops surveys of the biggest risks faced by businesses today. We have seen increasing company-specific data breaches in recent years – think Experian, British Airways, TalkTalk.

We’ve also seen larger, but still relatively minor, incidents like the hacking of the Ukrainian power grid in 2015 and the cyber-attack on the UK’s NHS in 2017.

Writing in the Harvard Business Journal in September, Paul Mee and Til Schuermann, partners at consulting firm Oliver Wymans, suggested that a cyber-attack that causes disruptions to financial services capabilities, especially payments systems, around the world, is the most likely culprit for the next crisis.

Separately, Vicky Redwood, senior economic adviser at research firm Capital Economics, released a report suggesting similar in February. “Attention naturally tends to focus on the immediate risks to demand in the global economy from, for example, tighter monetary policy,” she writes.

“But another supply shock will come along to hit the global economy at some point, and technological failure is high up the list of possibilities.”

Threat of Cyber Crime to Companies Grows

Cyber-attacks rank as the biggest threat facing businesses in North America today – ahead of terrorism, asset bubbles and fiscal crises – according to a 2017 survey carried out by the World Economic Forum.

Writing for the WEF, John Drzik of insurance broker Marsh LLC says the takedown of a single cloud provider could cause economic damage of between $50 billion to $120 billion.

“The annual economic cost of cybercrime is now estimated at north of $1 trillion,” he writes. That’s more than three times 2017’s record-year aggregate cost from natural disasters.

That said, even if the internet were to go down for a few days, Redwood predicts a reduction in global GDP of just 0.1% and a swift rebound in the economy. If this happened regularly, firms would become less efficient and trust in technology may wane leading to less innovation, but eventually we’d muddle through.

Redwood, Mee and Schuermann agree the most likely scenario in which a cyber-attack could trigger a financial crisis would be one carried out by a rogue nation state, so-called hacktivist, or terrorist group on financial institutions or major infrastructure including energy and transport networks.

The first question is whether this is a realistic threat. Walter Price, manager of the Allianz Technology Trust (ATT), tells Morningstar.co.uk that several countries do, indeed, have the capability to disrupt banks, infrastructure, healthcare institutions and manufacturing companies.

“There is no question that the capability is there to do significant damage,” he says. “The reason this has not happened [yet] is that it might be viewed as a hostile act that provokes a military response.”

 

The information contained within is for educational and informational purposes ONLY. It is not intended nor should it be considered an invitation or inducement to buy or sell a security or securities noted within nor should it be viewed as a communication intended to persuade or incite you to buy or sell security or securities noted within. Any commentary provided is the opinion of the author and should not be considered a personalised recommendation. The information contained within should not be a person's sole basis for making an investment decision. Please contact your financial professional before making an investment decision.

About Author

David Brenchley

David Brenchley  is a Reporter for Morningstar.co.uk

Audience Confirmation


By clicking 'accept' I acknowledge that this website uses cookies and other technologies to tailor my experience and understand how I and other visitors use our site. See 'Cookie Consent' for more detail.

  • Other Morningstar Websites