
When Cyber Hits the Balance Sheet: The Domino Effect in Financial Services

Written By NormCyber Team


When Jaguar Land Rover halted production for three weeks after a cyber attack, headlines focused on idle factories. The deeper lesson for financial services, and for businesses generally, is not about cars; it’s about the domino effect. In manufacturing, the fallout spread from cancelled orders to stressed suppliers and lost community incomes. In finance, the same dynamics cascade faster and with greater force, affecting liquidity, capital flows, market confidence, and regulatory standing.

For boards, the message is stark: a cyber incident is not an IT outage. It is a systemic risk event.

In financial services, the “production line” is digital – payments, trading, and lending systems. Any disruption is a direct threat to market integrity and liquidity.

  • When the New Zealand Stock Exchange was taken offline in 2021, trading froze for days, rattling investors and locking up capital flows.
  • TSB’s 2018 IT meltdown led to 80,000 customers walking away within weeks, proving that service downtime now translates into immediate customer flight and reputational collapse.

The cost is measurable. Recent data puts the average financial sector breach at $6.08 million, the highest of any industry. More damaging still, the largest portion of that cost is not remediation, but lost business.


Modern finance is an ecosystem. Breaches increasingly originate not inside banks, but within their vendors, partners, or deep within their supply chains.

  • In 2024 and 2025, breaches at Santander and DBS originated from weaker links in their supply chains.
  • Ransomware groups now specialise in exploiting third-party providers to maximise cascading impact.

The lesson: your resilience is only as strong as your least-prepared partner. Regulators are now demanding boards demonstrate oversight of the entire digital supply chain, not just internal systems.


Once a cyber incident hits, the ripple effect extends to trust, capital markets and regulatory arenas.

  • Research shows that after a major incident, a bank’s share price typically falls by 5-7%. Analysts at Moody’s and S&P have started incorporating cyber risk management into their ratings, which can directly raise or lower a firm’s borrowing costs after a breach.
  • Reputational impact is also measured in real customer funds. Studies of both Equifax (in the US) and TSB (in the UK) show that these attacks inflict costs well beyond technical fixes. The Equifax breach ultimately cost $1.4 billion not because of technical fixes but because of regulatory fines, litigation, and lost business.
  • Regulatory expectations are ramping up: rules like the EU’s Digital Operational Resilience Act (DORA) and US SEC breach notification mandates mean that boards are personally responsible for proving operational resilience – not just explaining how breaches occurred.

For boards and executives, cyber risk is best understood as a force multiplier on existing risks:

  • Liquidity: Payment outages force emergency borrowing and missed settlements.
  • Credit: Counterparty failures can cascade through the lending ecosystem.
  • Regulation: Penalties, breach notifications, and even licence loss are real outcomes.
  • Reputation: Trust is now hyper-fragile; one incident can erase years of goodwill in days.

Cyber resilience is now a strategic boardroom issue. Key questions directors should be asking:

  • How resilient are our payment and settlement systems under stress, measured down to the minute?
  • What is the true cost of losing customer access for an hour, not a day?
  • Do we have a credible, tested plan for maintaining market standing and customer trust during an incident?

The accountability is personal. Regulators and investors are no longer satisfied with IT dashboards; they want evidence of board-level resilience planning.


The forward-looking board recognises that cyber incidents are inevitable. The difference lies in preparedness. Scenario planning, cyber “fire drills,” and operational simulations are fast becoming the norm for best-in-class institutions.
 

Conclusion

Resilience as a Market Signal

Cyber risk has outgrown the IT department. It now sits at the intersection of operational resilience, regulatory confidence, and market trust. For boards in financial services, this is not a compliance exercise – it’s a test of leadership.

The institutions that win will be those that see resilience not as a defensive cost, but as a forward indicator of strength. Demonstrating the ability to withstand and recover from disruption signals credibility to regulators, stability to investors, and reliability to customers.

In a world where disruption is certain, resilience becomes the ultimate differentiator. The domino effect will happen somewhere; the question is whether your organisation will be the one that topples, or the one that proves its resilience.