Direct and indirect impact from cyberattacks against banks are estimated to cause losses of 35-65 percent and 20-50 percent of quarterly profits, respectively. According to the study, profit declines are attributable to reputational impact, funds were stolen, legal charges and marketing expenses.

The stress tests revealed likely vulnerabilities from theft and disruption-related cyberattacks. Examples of theft-related attacks include hacking of ATMs to dispense cash and bank payment systems. Disruption-related impact includes denial-of-service (DoS) attacks to prevent access to the internet and mobile banking apps or disruption to internal payment processing systems. Damage or corruption of client data was also cited as another example of a cyberattack.

The aforementioned figures reflect costs without contingency measures and when included, risks are significantly improved with banks expected to lose quarterly profits of 20-35 percent and 12-25 percent from direct and indirect impact, respectively. In order to reduce risks from cyberattacks, banks have adopted multiplied layers of security controls to protect data and funds; added DoS mitigation measures such as clean pipe services; and backed up critical data regularly.

In-house measures aside, it is also heeding greater attention to third-party service providers. Periodic audits are made to verify the ongoing effectiveness of existing security and business continuity measures are in place for a switch to an alternative provider or to in-house operations in the event of a disruption.