Cyber Risk Management in Financial Institutions: Before and After the Bangladesh Bank Heist

Tanzina Sultana

(School of Business and Technology, Emporia State University, USA)

Abstract: The cyber heist of the Central Bank of Bangladesh in February 2016, which led to an $81 million loss, marks a significant event in the history of financial institution (FI) cyber-attacks. This paper examines the cyber risk management landscape within FIs before and after this landmark heist. It underscores the wake-up call to the international banking community, highlighting the vital need for robust cyber risk management frameworks to combat such sophisticated threats. The incident not only unveiled the shortcomings in the cybersecurity measures of a central bank but also demonstrated the extensive consequences of such breaches on the broader financial system. Our study analyzes the changes in risk management practices pre- and post-heist, emphasizing the enhancement of security protocols, employee training, incident response strategies, and the adoption of frameworks such as the NIST Cybersecurity Framework. By exploring this particular case, we aim to provide insights into the critical importance of managing cyber risks and to offer recommendations for strengthening the resilience of financial institutions against evolving cyber threats.

Key words: Bangladesh Bank Heist, cyber risk management, cybersecurity, banking sector resilience, SWIFT network

JEL code: M1