Phishing and ransomware are central banks’ main cyber threats
Teams widely use training, monitoring and privilege management to mitigate cyber threats
Central banks’ most significant cyber threats are phishing attacks and ransomware, data from the Risk Management Benchmarks 2026 shows.
Risk managers rated the significance of cyber threats to their central banks on a scoring system of one to five, with one marking very low risk and five marking very high risk.
Phishing attacks received the highest average score of 3.7, while ransomware was close behind with an average of 3.6. Breaches occurring in commercial banks scored the lowest, at 3.1.
Nearl
Only users who have a paid subscription or are part of a corporate subscription are able to print or copy content.
To access these options, along with all other subscription benefits, please contact info@centralbanking.com or view our subscription options here: subscriptions.centralbanking.com/subscribe
You are currently unable to print this content. Please contact info@centralbanking.com to find out more.
You are currently unable to copy this content. Please contact info@centralbanking.com to find out more.
Copyright Infopro Digital Limited. All rights reserved.
As outlined in our terms and conditions, https://www.infopro-digital.com/terms-and-conditions/subscriptions/ (point 2.4), printing is limited to a single copy.
If you would like to purchase additional rights please email info@centralbanking.com test test test
Copyright Infopro Digital Limited. All rights reserved.
You may share this content using our article tools. As outlined in our terms and conditions, https://www.infopro-digital.com/terms-and-conditions/subscriptions/ (clause 2.4), an Authorised User may only make one copy of the materials for their own personal use. You must also comply with the restrictions in clause 2.5.
If you would like to purchase additional rights please email info@centralbanking.com test test test
More on Risk Management
Just under half of risk departments are sufficiently staffed
Units with satisfied staffing levels earn below global average annual salary
Mitigation and reporting are leading components of risk strategy
Decentralised teams more likely to embed philosophy in divisional decision-making
Most centralised risk teams prioritise cyber security
Decentralised teams primarily cover credit and counterparty, op and market risks
Risk policies widely reviewed by committee in larger teams
Central banks with larger teams favour risk committees over CROs
Middle income central banks have highest number of risk staff
But ratios of risk management employees to total headcount vary widely
How central banks manage their own cyber defences
Resilience against system breaches, ransomware and phishing attacks is in focus, alongside managing third-party risks and the threat of state actors to payment systems
Risk Management Benchmarks 2025 – model banks analysis
Drilling into the data reveals patterns in risk prioritisation and department structure
Risk Management Benchmarks 2025 – executive summary
The benchmarks reveal an ongoing focus on cyber risk, but climate and AI risks are rising fast