'Cyber risk a systemic threat to banking stability'
Governor State Bank of Pakistan Jameel Ahmad. Photo: screengrab
The State Bank of Pakistan (SBP) has warned that cyber risk has emerged as a systemic threat to financial stability, public confidence and economic growth, as the central bank prepares to issue a comprehensive Cyber Resilience Strategy for the banking sector.
In an official statement issued on Friday, SBP Governor Jameel Ahmad said Pakistan's first-ever industry-wide cybersecurity drills for banks were designed to test not only technical response capabilities but also senior management decision-making during simulated cyber crisis scenarios. The drills simulated coordinated cyber-attacks across one or multiple institutions that, if not managed effectively, could pose risks to the stability of the financial system.
The governor said the exercise reinforced the need for preparedness, accountability and leadership, stressing that cyber resilience should be measured by how effectively institutions respond to attacks rather than whether incidents occur. He noted that participating banks demonstrated commitment beyond regulatory compliance by investing in crisis readiness and coordination.
Highlighting the evolving threat landscape, Ahmad said growing interconnectedness, rapid technology adoption and rising geopolitical tensions had increased cyber risks. He added that threat actors were now highly skilled, organised and well-resourced, while the domestic shortage of trained cybersecurity professionals constrained the sector's defensive capacity.
He emphasised that cyber resilience could not be achieved in isolation and required collective preparedness, transparent information sharing and trust between regulators and regulated entities. Maintaining public trust, he said, was essential as the banking sector continued its digital transformation.
Outlining recent measures, the governor said SBP had established a dedicated Cyber Risk Management Department to strengthen supervision, deepen engagement with banks and improve incident reporting frameworks.
The governor announced that SBP would soon issue a Cyber Resilience Strategy, titled "Cyber Shield 202530", built on five pillars, with lessons from the drills embedded into future operations across the banking sector nationwide overall.