The Bank of Valletta (Malta) has deliberately shut down all functions to mitigate the effects of a cyberattack. As the Times of Malta reports: “Bank of Valletta shut down all its operations on Wednesday [the 13th of February] morning after hackers broke into its systems and moved €13 million into foreign accounts”. The bank shut down all services: branches, ATMs, mobile banking and email services. It even took offline its website.
The implemented mitigation has limited the effects of the cyberattack. The bank reassured that the accounts and funds were the end not compromised, but the measure could have had also an impact on the intangible assets of the bank.

Possible impact on intangible assets

For instance, we can take into account the reputation. Are customers happy to hear that the bank that supports their business has no other mitigation option than shutting down the servers? How big has been the reputation loss for the bank? Is this loss of reputation generating loss of customers?
In addition, considering brand: which is the loss of brand value? On-line banking and related B2B services are relying on 24/7 business continuity. Thus, a full day interruption may have a significant impact on potential new customers.
Finally, with regards to business continuity: how much has the bank paid to cover the lack of services for the core clients?

When assessing cyber risks, together with the direct and indirect costs of cyber-attacks we have to consider other factors. For sure the costs for implementing mitigations are one of them. However, we also need to consider the impact that their activation may have on intangible assets. In this case, a critical infrastructure such Malta’s oldest bank and one of its largest should have sought and put in place alternative solutions to shut-downs.

 

This article has been written by project member ZenaByte. ZenaByte is a spin-off of the DIBRIS Department of the University of Genoa. Its main object is the development of innovative methodologies for intelligent management, interpretation and extraction of knowledge from data.