When a subsidiary of the world’s largest lender proposes to settle trades via a USB stick shuttled between New York trading floors by a runner, it ought to set alarm bells ringing. That was one contingency discussed last week when ICBC Financial Services — the financial services arm of the Industrial and Commercial Bank of China — was hit by ransomware software, which prevented it from settling transactions in the $25tn US Treasury market. The hack was eventually contained by disconnecting its systems, alongside a $9bn capital injection.
While a larger fallout was avoided, the incident should act as a wake-up call for financial corporations and regulators to step up their efforts on cyber security. Such attacks were considered the greatest threat to the financial system, according to a recent Bank of England survey of UK market participants.
As finance has become more digitised, the risks have grown. Attackers have also become more sophisticated. LockBit, the group suspected to be behind the ICBC FS breach, conducted recent assaults at Royal Mail and ION, a supplier of trading software to the City of London. Analysts also fear that the adoption of generative artificial intelligence may increase the pace, scale and effectiveness of attacks.