Introduction
In April 2020, the Financial Stability Board (FSB) cautioned that “cyber incidents pose a threat to the stability of the global financial system.” The FSB went on to warn that the last few years have seen “a number of major cyber incidents that have significantly impacted financial institutions and the ecosystems in which they operate. A major cyber incident, if not properly contained, could seriously disrupt financial systems, including critical financial infrastructure, leading to broader financial stability implications.”18 The potential economic costs of such events can be immense and the damage to public trust and confidence significant. Cyber incidents could potentially undermine the integrity of global financial markets;19 equally important, the exploitation of cyber vulnerabilities could cause losses to investors and the general public. Central to the risk is the fact that the global financial system is a complex adaptive system. It is resilient and able to absorb most of the shocks that regularly occur, but its complexity also means that large shocks, although rare, can quickly ripple in unpredictable ways. The system’s complexity also makes it impossible to predict exactly when or how such systemic shocks will occur.20 But one thing is clear: it is not a question of if a major incident will happen, but when.