Financial services face their most significant threat yet from cyber attacks, industry leaders warned on Thursday, as escalating digital risks threaten to destabilise banks, credit unions and insurers.
Administrators echoed serious concerns about the risks their organisations face as a result of ongoing cyber attacks at a roundtable discussion on the findings of the 2024 Financial Stability Report, released on Thursday by the Central Bank of Barbados.
The warnings were issued by the president of the Barbados Bankers’ Association (BBA), Shimon McIntosh; general manager of the Barbados Co-operative Credit Union League Limited (BCCULL), Tracia Pounder; and Paul Inniss, executive vice-president and general manager of Sagicor Life Inc.
McIntosh and Pounder described cybersecurity as one of the biggest risks, while Inniss saw it as an emerging threat that all must pay attention to.
The leaders said, however, that substantial sums of money were being invested in combating the problem.
The Central Bank’s Stability Report found that cyber incidents create operational, financial and reputational risks for the financial system.
“As financial services digitalise the sector faces heightened exposure to cyber incidents, including ransomware, malware, and social engineering attacks,” the report declared. “Risks are transmitted through loss of confidence in critical financial infrastructure, disruption of services, and interconnected IT systems.”
It added: “This may trigger deposit outflows (cyber runs), restrict access to funding, or disrupt payment operations, potentially amplifying liquidity risks and spillovers to the wider economy. Such events also impose significant direct costs related to data recovery, customer compensation, and regulatory penalties.”
It said that cyber attacks targeting payment systems pose particular systemic risk for Barbados. “Given the reliance on shared infrastructure like the RTGS [Real Time Gross Settlement] and ACH [Automated Clearing House], an isolated cyber event could disrupt interbank settlements and real-time payments, affecting both the financial and non-financial sectors,” said the report. “For smaller institutions, especially credit unions and finance companies, capacity constraints may exacerbate vulnerability to cyber threats.”
It was also pointed out that cyber risk has risen alongside the digital transformation of the financial services industry.
Cyber threats targeting banks and credit unions have made the headlines in recent months, including attempts to compromise customer card data.
“Results of the 2023 cyber-risk survey indicate that spam and phishing, a high-frequency but low-severity event, are the most common cyber threats. Although medium- and high-severity incidents are less common, they still pose serious operational and reputational risks,” the 62-page survey stated.
General manager of the Barbados Co-operative Credit Union League Limited, Tracia Pounder. (HG)
It noted that while the expansion of electronic transactions has resulted in an increasing number of payments made online with enhanced efficiency, it has also elevated the sector’s exposure to cyber threats.
The report suggested that it is therefore critical that financial institutions have effective cybersecurity programmes, capabilities and controls in place to mitigate current and emerging threats: “Financial institutions and regulators have taken steps to strengthen cyber resilience. Cybersecurity strategies, incident response plans, and staff training have been prioritised across the sector. The bank and the FSC [Financial Services Commission] have introduced cyber incident reporting templates and guidelines to their licensees, in order to standardise responses.”
In addition, it said, the Cybercrime Bill to replace the Computer Misuse Act will, once enacted, provide an updated legal framework for combating cybercrime. As part of this FSR, the bank provides first-time estimates of potential cyber risk losses under a Bank Identification Number (BIN) attack scenario. These findings aim to enhance sectoral awareness and inform ongoing supervisory priorities.
The report noted that supervisory assessments continue to highlight disparities in cyber risk preparedness across non-bank financial institutions.
It said a cybersecurity questionnaire issued by the FSC in September 2024 to credit unions and insurance companies revealed varying levels of cyber readiness, with larger institutions generally demonstrating stronger IT and cybersecurity controls.
The document explained that smaller entities, however, exhibited gaps in key areas.
“To mitigate potential vulnerabilities and promote resilience,” the report added, “the bank and the FSC are supporting registrants through guidance, knowledge sharing, and the promotion of best practices in cybersecurity governance.”
It was also found that artificial intelligence adoption is introducing new operational and systemic risks across the financial sector.
“Its use in underwriting, claims processing, and investment management raises concerns over algorithmic bias, opaque decision-making, and heightened cyber vulnerabilities. Weak governance may undermine underwriting fairness, increase reserving risks, or expose sensitive beneficiary data,” the report cautioned.
“Strengthening governance, transparency, and cyber resilience will be critical to mitigate these risks and protect policyholders and beneficiaries,” the report suggested.
emmanueljoseph@barbadostoday.bb
The post Cyber attacks now top threat to financial service, industry leaders warn appeared first on Barbados Today.