BIBM Warns of Cyber Threats in Banking

Oct 23, 2025 12:14
Oct 23, 2025 18:53

Over the past two decades, Bangladesh’s banking sector has made significant technological advancements, with 95% of banking transactions now conducted digitally. Most banks have also launched mobile applications for customer convenience. However, insufficient investment in digital security has left banks increasingly vulnerable to cyberattacks. On average, more than 400 cyberattacks occur daily, primarily originating from China, North Korea, and Russia. Notably, nearly a quarter of these attacks come from China, and bank employees are identified as the sector’s most vulnerable target.

This insight comes from the Bangladesh Institute of Bank Management (BIBM) study, “Cybersecurity in Financial Sector of Bangladesh: Securing the Digital Future.” The research highlights that 16% of organized cyberattacks in the banking sector involve internal staff, another 16% are conducted by hacktivists, 11% by rival institutions, 7% with foreign state backing, and 6% from customers.

Professor Md. Mahbubur Rahman Alam of BIBM, who presented the findings, noted that from 2000 to 2024, banks invested BDT 53,413 crore in IT development. Previously, annual investment averaged BDT 2,000 crore, but it now exceeds BDT 3,000 crore. Of this, 95% is allocated to hardware, software, networking, training, audits, and related expenses, while only 5% addresses cybersecurity risks.

A survey of bank employees reveals a concerning lack of cyber awareness: only 4% excel in cyber vigilance, 10% are very good, 16% good, 20% average, 22% poor, and 28% critically low. In 2023-24, banks faced between 145 and 630 daily attacks, with 24% from China, 13% from North Korea, 12% from Russia, 7% each from the U.S. and Pakistan, 5% each from Romania and Turkey, 4% from Bulgaria, and 3% each from India, Taiwan, and Hungary. Domestic attacks accounted for 2%, with additional attacks from countries including Brazil.

The research identifies at least 13 types of organized cyberattacks in 2023-24. The most frequent were Advanced Persistent Threats (APTs), followed by known vulnerabilities, malware attacks, malicious terminals, cross-site scripting (XSS), SQL injection, backdoor installations, spear-phishing, ransomware, rootkits, clickjacking, and DDoS attacks. Most attacks are perpetrated by vendors and IT service providers, responsible for 27% of cybercrime, with unidentified hackers accounting for 24%. Employee involvement further underscores that staff remain the most affected, with 85% of attacks impacting morale and 53% disrupting routine operations.

A parallel survey of bank customers revealed that only 7% had excellent cyber awareness, 11% very good, 13% good, 15% average, 23% poor, and 31% critically low.

The study further notes the growth of IT personnel, from 5,875 in 2019 to 8,250 in 2024, representing just 3.2% of the roughly 200,000 employees in the banking sector. Analysis of recent online fraud indicates that 72% occurred through the SWIFT system, 20% via bank software, 3% using ATMs and plastic cards, 2% through mobile banking and check settlements, and 1% via internet banking.

As of March 2025, Bangladesh’s banking sector recorded 16,576,821 deposit accounts and 1,344,323 loan accounts. Banks operate 11,381 branches, 12,925 ATMs, and 7,345 CRMs. To support POS transactions in shops and restaurants, 133,150 POS machines are active. Besides the Nagad system, 1,430,000 mobile financial service (MFS) agents serve 145 million MFS account holders. Agent banking has 21,080 outlets, bringing total bank, agent, and MFS accounts in the country to nearly 50 million. Of these, 43,452,499 accounts have associated debit cards, 2,946,233 credit cards, and 7,039,117 prepaid cards, with 11,366,563 customers accessing internet-based services.

The research was presented at a national seminar held on 19 August at Pan Pacific Sonargaon Hotel in Dhaka, organized by the National Cybersecurity Agency (NCSA) under the patronage of Enhancing Digital Governance and Economy (EDGE). The event was attended by Dr. Anisuzzaman Chowdhury, Special Assistant to the Chief Adviser of the Ministry of Finance, as chief guest, and Faiz Ahmad Taiyeb, Special Assistant of the Ministry of Posts, Telecommunications, and Information Technology, as special guest. Other dignitaries included Nazma Mobarak, Secretary of the Financial Institutions Division, and Md. Abdur Rahman Khan, Chairman of NBR. The seminar was presided over by ICT Secretary Shish Haydar Chowdhury, with a welcome speech by NCSA Director General and Project Director Taibur Rahman.