SG banks see over 1,800 cyberattacks weekly in past six months

The financial sector ranks as the third most targeted industry.

Banks in Singapore have faced an average of 1,830 cyberattacks weekly over the past six months, according to Check Point’s Threat Intelligence Report. 

The financial sector ranked as the third most targeted industry, following government/military and utilities sectors. Notable incidents, such as the October 2023 cyberattack on local banks that disrupted the national payment system, highlight the critical impact of cybersecurity vulnerabilities.

Globally, the financial sector has incurred $12b in losses from more than 20,000 cyberattacks over the last two decades, based on data from the International Monetary Fund and Advisen. 

The high frequency of attacks stemmed from the sector’s central role in managing large monetary transactions and sensitive customer data, making it a lucrative target for cybercriminals.

Check Point emphasised that trust and technology are inseparable in modern banking and whilst advancements in e-banking and mobile applications enhance convenience, they also create opportunities for sophisticated cyberattacks, such as phishing and ransomware.

Breaches erode trust, resulting in direct financial losses, service disruptions, and reputational damage. In severe cases, cyber incidents could disrupt global financial systems by impeding credit flows between institutions.

Recognising the risks, governments worldwide have implemented regulations to reinforce the cybersecurity frameworks of financial institutions, often classified as critical infrastructure.

The Monetary Authority of Singapore issued the Technology Risk Management Guidelines, outlining principles and best practices to establish robust technology risk governance, aimed at helping banks manage technology and cyber risks effectively.

Malaysia and Indonesia are also enhancing cybersecurity policies to protect financial institutions, acknowledging their critical role in economic stability.

The Australian Prudential Regulation Authority introduced Prudential Standard CPS 234, requiring regulated entities to maintain information security capabilities aligned with their vulnerabilities and threats. This standard also enforces vendor risk management practices to mitigate the likelihood and impact of cyber incidents.