Global financial markets are undergoing a transformative digitalisation era. The most consequential shift for financial stability lies in the digitalisation of core financial activities – including payments, banking, customer communication and outsourced IT services. These changes have led to efficiency gains, new products and services, and broader access, but they have also expanded the cyber and operational threat surface, from phishing and ransomware to disruptions affecting critical third-party services and outdated internal systems (OECD, 2022[1]). As geopolitical tensions rise, particularly following Russia’s war of aggression against Ukraine, cyber incidents have surged, with operations driven by state and non-state actors targeting financial institutions to exert strategic pressure or reap illicit profits. The consequences are multifaceted: cyber-attacks compromise proprietary data, disrupt essential payment systems, trigger operational breakdowns, and erode trust which is a cornerstone of stable financial markets (FSB, 2024[2]). The digital economy’s growing reliance on interconnected platforms amplifies these risks, requiring concerted policy responses and international regulatory co‑operation.
Financial institutions, financial market infrastructures (FMIs), and non-bank financial intermediaries are increasingly interconnected, sharing data and operational resources across borders. Network-based macro models suggest that shocks to a small set of central nodes can generate outsized aggregate effects, even when the initial disruption appears local (Acemoglu et al., 2012[3]; Eisenbach, Kovner and Lee, 2022[4]). This interdependence elevates systemic risk, as a successful breach of one node can cascade through the entire network (FSB, 2023[5]).
Concentration in shared technology providers (e.g. cloud and core IT vendors) can further turn operational outages into common shocks affecting many institutions simultaneously (Kotidis and Schreft, 2025[6]). Emerging financial technologies and products, such as central bank digital currencies (CBDCs), crypto and digital asset platforms, tokenised securities, and quantum computing, further complicate the threat landscape (OECD, 2024[7]). As digital assets become more institutionalised and attract growing interest from institutional investors, the potential for spillovers and contagion between decentralised finance and the traditional financial system increases (OECD, 2022[8]). While attackers continually refine their methods, AI-enabled malware or social engineering phishing methods adapt to undermine or manipulate financial systems. Internet-of-Things (IoT) devices can become platforms for distributed denial-of-service (DDoS) attacks, and quantum-based intrusion may in the future bypass encryption methods used to protect financial data, with recent research highlighting particular vulnerabilities within certain blockchain systems (Babbush et al., 2026[9]).
Geopolitical tensions increasingly shape the incentives for disruptive cyber operations, and in some contexts, expand the scope and co‑ordination of such attacks in and around the financial system. In periods of heightened geopolitical stress, strategically motivated campaigns can overlap with financially motivated cybercrime, with attacks timed around sanctions, major negotiations, or other geopolitical events (Crosignani, Macchiavelli and Silva, 2023[10]). By targeting cross-border payment networks, clearing and settlement systems, and trade finance platforms, such operations can disrupt liquidity flows and capital mobility, and undermine market confidence. In this sense, cybersecurity in finance is no longer merely a technical or compliance issue; it has become intertwined with international security and diplomatic strategy, with evidence suggesting that cyber incident activity may move in parallel with geopolitical risk across some periods (IMF, 2024[11]).
Supply chains and third‑party provider dependencies represent a significant attack surface and transmission channel.1 Adversaries can compromise smaller vendors or service providers to reach larger institutions, and disruptions can propagate widely when critical inputs are difficult to substitute. This dynamic mirrors well-documented mechanisms in production networks: when firms rely on very specific inputs and are tightly interconnected, shocks originating at a single node can spread through the network and amplify losses elsewhere (Acemoglu et al., 2012[3]; Carvalho, 2014[12]; Barrot and Sauvagnat, 2016[13]). In the cyber domain, this amplification has been illustrated by incidents such as the NotPetya ransomware cyberattacks in 2017, where indirect supply-chain spillovers substantially exceeded direct damages, and by more recent operational disruptions at concentrated technology providers that tested resilience and market confidence (Kamiya et al., 2021[14]; FCA, 2024[15]). For the ASEAN region and Asia more widely, which is deeply integrated in cross-border value chains, these dynamics elevate cyber resilience into an economic-security issue: trusted digital security increasingly supports investor confidence and investment decisions by reducing operational uncertainty in trade, logistics, and financial intermediation (ASEAN-BAC, 2025[16]).