Key Details
The OECD’s report Cybersecurity and Geopolitical Risks in Financial Markets examines how cyber incidents are increasingly interacting with financial markets, geopolitical tensions and digital infrastructure to create broader systemic risks.
Key Area | Finding |
|---|---|
Third-Party Risk | Vendor-targeted cyber incidents increased more than 14-fold across G7 economies between 2021 and 2025 |
Financial Stability Impact | Cyber incidents occurring during periods of financial stress can amplify credit-risk premia by up to five times |
Emerging Markets | Rapid digitalisation and reliance on external technology providers increase vulnerability to cyber disruptions |
Crypto Ecosystem | Around US$2.2 billion was lost through crypto-related cyber thefts in 2024 |
AI Risks | Frontier AI is accelerating vulnerability discovery and potentially increasing attack sophistication |
Quantum Threat | Future quantum computing capabilities may undermine existing encryption standards |
Regulatory Focus | OECD recommends systemic cyber-resilience frameworks, supply-chain monitoring and cyber stress-testing |
Summary
OECD Links Cybersecurity to Financial Stability
The OECD’s report Cybersecurity and Geopolitical Risks in Financial Markets argues that cyber incidents should no longer be viewed solely as technology or operational risks. As financial systems become increasingly dependent on digital infrastructure, cloud services and third-party technology providers, cyberattacks now have the potential to disrupt financial markets, amplify financial stress and create broader systemic risks.
Third-Party Vendors Are Emerging as a Critical Weakness
A key finding is the growing vulnerability created by third-party ICT providers and digital supply chains. While large financial institutions have strengthened their internal cybersecurity systems, attackers increasingly target smaller vendors that provide software, cloud services and operational support. Vendor-related cyber incidents increased more than fourteenfold across G7 economies between 2021 and 2025, highlighting how weaknesses outside core financial institutions can trigger wider disruptions.
Developing Economies Face Distinct Vulnerabilities
The report notes that rapid digitalisation in emerging and developing economies has often outpaced cybersecurity capacity and regulatory preparedness. Financial systems with large numbers of SMEs, outsourced technology providers and expanding digital-finance ecosystems may face heightened exposure to operational disruptions and cyber contagion. The OECD therefore emphasises the need to strengthen cyber resilience across entire financial ecosystems rather than focusing only on large institutions.
Cyber Shocks Can Magnify Financial Stress
OECD analysis suggests that cyber incidents occurring during periods of market stress can significantly amplify financial instability. When major financial institutions experience cyber disruptions during adverse market conditions, credit-risk premia can increase sharply, tightening financing conditions and weakening confidence across markets.
New Technologies Are Reshaping the Threat Landscape
The report highlights the growing role of frontier AI, which can accelerate vulnerability discovery and automate cyberattacks, alongside longer-term concerns around quantum computing, which may eventually undermine existing encryption systems. These developments reinforce the need for regulators and financial institutions to continuously adapt cybersecurity frameworks.
Building System-Wide Resilience
The OECD argues that financial regulators should move beyond institution-level compliance towards system-wide operational resilience. Recommended measures include continuous monitoring of third-party providers, stronger cyber-risk oversight for SMEs, dedicated financial-sector incident response mechanisms and macroprudential cyber stress-testing to assess how disruptions could spread across interconnected markets.
What is a Macroprudential Cyber Stress Test?
A macroprudential cyber stress test evaluates how a major cyber incident could affect the wider financial system rather than a single institution. It examines how disruptions at banks, payment systems, cloud providers or technology vendors could spread through interconnected financial networks and create broader stability risks.
Policy Relevance
Highlights the growing importance of third-party risk oversight in India’s digital financial ecosystem. As banks, fintechs and payment systems increasingly rely on external technology providers, vulnerabilities in vendor networks can create wider financial-sector disruptions.
Strengthens the case for system-wide cyber stress testing of critical financial infrastructure. India’s highly interconnected digital payments architecture, including UPI and real-time settlement systems, may require regular simulations of large-scale cyber disruptions.
Reinforces the need to improve cybersecurity preparedness among SMEs and technology vendors. The report finds that attackers increasingly exploit weaker suppliers and service providers to access larger financial institutions.
Positions cybersecurity as a financial-stability issue rather than solely a technology risk. Cyber incidents occurring during periods of market stress can amplify financial vulnerabilities and affect broader economic confidence.
Signals the need to prepare financial infrastructure for emerging technological threats. The report highlights both AI-enabled cyberattacks and future quantum-computing risks as areas requiring long-term regulatory attention.
Supports closer coordination between financial regulators and cyber-security agencies. Effective resilience increasingly depends on information sharing, incident response and oversight across the wider financial system.
Follow the Full Report Here: Cybersecurity and geopolitical risks in financial markets