Discussion paper

DP17660 Cyber risk in central banking

The rising number of cyber attacks in the financial sector poses a threat to financial stability and makes cyber risk a key concern for policy makers. This paper presents the results of a survey among members of the Global Cyber Resilience Group on cyber risk and its challenges for central banks. The survey reveals that central banks have notably increased their cyber security-related investments since 2020, with a priority on technical security control and resiliency. Central banks see phishing and social engineering as the most common methods of attack, and the potential losses from a systemically relevant cyber attack are deemed to be large, especially if the target is a big tech providing critical cloud infrastructures. Generally, respondents judge the preparedness of the financial sector for cyber attacks to be inadequate. While central banks in most EMEs provide a framework for the collection of information on cyber attacks on financial institutions, less than half of those in AEs do. Cooperation among public authorities, especially in the international context, could improve the ability of central banks to respond to cyber attacks


Doerr, S, L Gambacorta, T Leach, B Legros and D Whyte (2022), ‘DP17660 Cyber risk in central banking‘, CEPR Discussion Paper No. 17660. CEPR Press, Paris & London. https://cepr.org/publications/dp17660