A central bank in a southern African country lost interbank payment operations for over a week. The central bank reported no observable financial losses. But the shutdown of the national payment system threatened to exacerbate systemic vulnerabilities and cause spillover effects to the macroeconomy.
That incident, documented in a new IMF Working Paper, is not an isolated outlier. It is a symptom of a structural shift that African financial leaders can no longer afford to ignore.
The IMF study, which analyses 14,055 cyber events across 162 jurisdictions over a decade, delivers a stark verdict. Cyber events in the financial sector have grown tenfold. The share of cyber events targeting finance doubled from 6 percent in 2014 to 13 percent in 2023. And for emerging markets, the vulnerabilities are more severe, the defences are weaker, and the consequences are potentially systemic.
The global picture: Finance is now a primary target
Between 2014 and 2023, the financial sector accounted for 9 percent of all reported cyber events globally. That placed it fifth among all sectors, behind public administration (18 percent), healthcare (13 percent), ICT (10 percent), and education (10 percent).
But the trend line is what matters. The share has nearly doubled in a decade. And within finance, the distribution is revealing. Credit intermediaries – banks – accounted for 46 percent of financial sector cyber events. Securities and commodities markets followed at 33 percent. Insurance carriers accounted for 16 percent. Monetary authorities – central banks – represented only 4 percent, though the IMF cautions that central bank incidents are likely underreported due to disclosure disincentives.
The primary method of attack is exploitative, not disruptive. Some 66 percent of cyber events in finance aim to steal information – customer data, intellectual property, sensitive organisational details – rather than to disrupt operations. The primary target is application servers (50 percent), followed by end hosts (12 percent).
For African financial institutions, this distinction matters. Data breaches are not a future risk. They are the dominant form of attack today.
The emerging market vulnerability
The IMF paper exposes a dangerous asymmetry. Central banks in emerging markets and developing economies account for 58 percent of reported cyber events involving monetary authorities – significantly higher than the share of advanced economies.
Several factors explain this disparity.
First, cybersecurity policy frameworks in emerging markets remain underdeveloped. Fewer than half of central banks and supervisory authorities in emerging markets had established a national cybersecurity strategy focused on the financial sector as of 2023. Formal supervisory or cyber threat/stress testing frameworks remain only partially implemented.
Second, the cybersecurity workforce gap is most severe in developing countries. Without adequate technical personnel, institutions lack the capability to prevent incidents and to respond effectively when they occur.
Third, weaker legal and technical deterrents make emerging markets more attractive targets for cybercriminals. Attackers perceive them as low‑risk, high‑reward environments.
The IMF is blunt: “The absence of robust cybersecurity policy frameworks and shortage of cybersecurity expertise may also make emerging markets and developing economies more attractive targets for cybercriminals, who perceive them as low‑risk, high‑reward environments.”
The systemic risk no one is talking about
The IMF paper includes a case study that every African financial regulator should read. A cyber event in a southern African country disrupted interbank payment operations at the national level for over a week.
The central bank reported no direct financial losses. But the shutdown of the payment system threatened to trigger three transmission mechanisms that could propagate to the real economy.
First, a deterioration in public confidence. Questions about the central bank’s operational capacity could erode trust. Foreign investors might reassess the credibility of the entire financial system.
Second, liquidity disruptions. If the central bank cannot clear transactions with commercial banks, interbank transfers are suspended. Wage payments are delayed. Settlement failures cascade.
Third, limited operational resilience. In developing economies, backup systems and contingency frameworks are often lacking. A single point of failure becomes a systemic vulnerability.
The IMF’s conclusion is clear. “Such disruptions, especially when occurring under stressed financial conditions, could significantly amplify liquidity strains, accelerate shocks across institutions, and pose a greater threat to financial stability.”
The banking sector: Non‑G‑SIBs are the soft underbelly
Globally, only 13 percent of cyber incidents in the banking sector involved Globally Systemically Important Banks (G‑SIBs). Non‑G‑SIBs – smaller banks, credit intermediaries, and regional institutions – account for the vast majority of attacks.
The reasons are not surprising but are deeply concerning for African banking. Smaller institutions have modest earnings, which constrains their ability to invest in cybersecurity and resilience. They operate under lighter compliance frameworks. They rely on legacy systems. Their cybersecurity capabilities are uneven.
For African banks, most of which are not G‑SIBs, this is a direct warning. The attackers are not targeting the largest, most defended institutions. They are targeting the weaker links in the chain. And third‑party vendors – IT providers, payment processors, file transfer platforms – are often the most vulnerable entry points.
Digital fraud: The front door that is always open
While cyber events target institutions, digital fraud targets customers. The IMF finds that cyber‑enabled fraud has nearly tripled globally over the past decade, reaching around 2.5 million cases in 2022.
The surge coincides with the COVID‑19 pandemic, which accelerated digitalisation and created new opportunities for transnational criminal syndicates operating industrial‑scale fraud and scam centres. The UNODC estimates that global losses from scams reached approximately one trillion US dollars in 2024.
For some developing countries, losses have been estimated at 2.5 to 4.2 percent of GDP. That is not a rounding error. It is a macroeconomic drag.
The IMF also finds that the number of cyber‑enabled fraud cases tends to increase with the value of bank deposits. As African financial systems deepen and digital payments expand, the attack surface grows proportionally.
Payment fraud: The instant payments dilemma
The IMF reviews payment‑related fraud across several jurisdictions, and the findings carry clear lessons for Africa’s rapidly growing instant payment systems.
In Europe, instant payments feature notably higher fraud rates than traditional credit transfers. Fraud types are becoming more complex, leveraging social engineering techniques. In India, online payment fraud grew sharply following the rise of instant payments, though proactive measures – a central payments fraud information registry and AI/ML models to detect mule accounts – have begun to reverse the trend.
The UK, the first jurisdiction to introduce a mandatory reimbursement scheme for authorised push payment fraud victims, has seen volumes increase but losses fall. Legislative reforms – online safety bills, economic crime acts – are being deployed alongside industry cooperation.
For African payment systems – from M‑PESA to interoperable fast payment networks – the lesson is urgent. Instant payments create value. They also create fraud vectors. The jurisdictions that succeed are those that build fraud detection, reporting mechanisms, and victim compensation into the system design, not as an afterthought.
What the IMF recommends
The paper concludes with a list of country‑specific actions that have proven effective. African financial leaders should take note.
Strengthen the legal basis and regulatory framework. Data privacy, liability‑sharing, and recovery of financial losses need clear rules.
Formulate a whole‑of‑society approach. A national strategy to fight digital fraud, not just a series of isolated initiatives.
Establish a fraud taxonomy. Common definitions enable consistent measurement and cross‑border cooperation.
Build fraud risk management frameworks across organisations. Not just in the compliance department, but embedded in product design and customer operations.
Identify and eliminate mule accounts. Proactive monitoring, not reactive investigation.
Strengthen measures against payment fraud. Daily limits, payee verification, improved fraud monitoring.
Establish an anti‑scam centre or central fraud registry. Make it easy for victims to report, and for authorities to aggregate intelligence.
Enable cross‑sectoral cooperation. Public authorities and private sector firms must share threat intelligence, not hoard it.
The new baseline for African financial services
The IMF paper is not a theoretical exercise. It is a data‑driven warning backed by 14,055 incidents across 162 jurisdictions over a full decade.
The findings for African financial leaders are unambiguous.
Cyber events in finance have grown tenfold. The share continues to rise. Non‑G‑SIBs – the majority of African banks – are the primary targets. Emerging market central banks are disproportionately vulnerable. Digital fraud has nearly tripled. Instant payments create new fraud vectors. And the consequences can be systemic, not merely operational.
The southern African country whose interbank payment system was disrupted for a week escaped without reported financial losses. The next country may not be so fortunate.
For forward‑thinking leaders across African banking, insurance, fintech, and payment systems, the IMF has provided the evidence. The question now is whether the response will match the scale of the threat.
SOURCE:
https://www.elibrary.imf.org/view/journals/001/2026/062/article-A001-en.pdf