This paper outlines how a paradigm shift is required when approaching cyber risk management for interbank payment systems, which are affected by the growing interconnectedness of systems, the digitalization of financial services and continuously evolving cyber threats.
In this scenario, cyber threats may derive from a wider number of actors, who are constantly active on the Internet and able to exploit an increasing number of vulnerabilities and attack vectors to achieve their goals. Financial institutions should therefore assume that specific cyber threats can overcome any defence.
Firstly, the paper outlines the theoretical reasons for this necessary paradigm shift; secondly, it aims to highlight the importance of all the stakeholders in strengthening the cyber resilience of payment systems, in particular the central and enabling role of messaging service operators, by providing an analysis of a real case study, the recent Central Bank of Bangladesh cyber fraud; and finally, the paper aims to encourage discussion on the new paradigm and the adequacy of current regulatory frameworks and supervisory approaches.
