Bangladesh’s banking sector is under a mounting cyber threat, with an average of over 400 cyberattacks occurring daily. Recent research reveals that a significant portion of these attacks originates from foreign countries, notably China, North Korea, and Russia, with China alone accounting for one-quarter of all attacks.
The findings were highlighted in a presentation titled “Cyber Security in the Financial Sector of Bangladesh: Securing the Digital Future” by the Bangladesh Institute of Bank Management (BIBM), an institution that leads research and training for the country’s banking and financial sector. The presentation underscores the growing vulnerability of digital banking infrastructure in Bangladesh and the urgent need for stronger cyber security measures.
Investment in IT Up, But Cyber security Lags: According to BIBM, Bangladesh’s banks have invested a total of BDT 53,413 crore in information technology (IT) infrastructure between 2000 and 2024. While the annual IT investment has risen from an average of BDT 2,000 crore to over BDT 3,000 crore, the bulk of this expenditure-approximately 95%-has gone into hardware, software, networking, training, audits, and related infrastructure. Only 5% of the investment has been allocated specifically to cyber security.
Experts point out that although banks have made significant technological advancements over the past two decades, with 95% of banking transactions now digital and most banks offering mobile apps, the low investment in cyber security has left them increasingly exposed to attacks.
Dr. Shahadat Khan, a fintech entrepreneur, described the situation as “precarious.” He told The Daily Industry: “Bangladesh’s banking sector is digitizing rapidly, but cybersecurity remains inadequate. Our preparedness to prevent major cyberattacks is very weak. This vulnerability extends beyond banks to all organizations in the country. Hackers are exploiting these weaknesses to seize databases and demand ransom. Some institutions are even paying off the attackers. Bangladesh cannot progress with such fragile cyber security measures.”
Cyber attack Trends and Origins: The BIBM study revealed that in the 2023-24 period, Bangladesh’s banks faced between 145 and 630 cyber attacks daily. The origin of these attacks was largely international: China: 24%, North Korea: 13%, Russia: 12%, United States and Pakistan: 7% each, Romania and Turkey: 5% each, India, Taiwan, Hungary: 3% each, Domestic attacks: 2%. Additional attacks were traced to Brazil and other countries, highlighting the global scope of the threat.
Cyber attack Sources (Percentage of Total Attacks)
Types of Cyber attacks: The research identified at least 13 distinct types of organized cyberattacks in the banking sector, often exploiting weaknesses in security infrastructure. The most common types included: Advanced Persistent Threats (APT), Known vulnerabilities exploitation (non-vulnerability attacks), Malware attacks, Malicious terminals, Cross-site scripting (XSS), SQL injection, Backdoor installation, Spear phishing, Ransomware, Rootkits, Clickjacking, Distributed Denial-of-Service (DDoS) attacks. These attacks not only target bank systems but also directly affect employees. The study notes that 85% of attacks impact employee morale, while 53% disrupt daily operations.
Responsibility and Internal Vulnerabilities: Interestingly, many attacks involve internal personnel or service vendors. According to BIBM, 27% of cybercrimes in banks are executed by IT vendors. Unknown hackers are responsible for 24% of attacks, while internal bank employees are involved in 16%. Hacktivists also account for 16%, competitor institutions 11%, foreign states 7%, and customers 6%.
Dr. Khan emphasized that many bank chairpersons and managing directors lack adequate knowledge of IT and cybersecurity, which exacerbates the problem. “Over half of the banks are incapable of effectively preventing cyberattacks, yet no substantial corrective measures have been taken. IT staff often hesitate to present proposals to top management due to fear. Overcoming cybersecurity risks requires a shift in culture and proper financial investment,” he said.
Employee and Customer Awareness: Cyber security awareness among bank staff and customers is also inadequate. A survey in the BIBM study found that only 4% of bank employees achieved an excellent level of cyber awareness. Around 10% were very good, 16% good, 20% moderate, 22% poor, and 28% very poor. Among bank customers, only 7% demonstrated excellent awareness, 11% very good, 13% good, 15% moderate, 23% poor, and 31% very poor. This low awareness further exposes the sector to potential threats.
Central Bank Oversight: The Bangladesh Bank has taken steps to strengthen digital security. Arif Hossain Khan, Executive Director and spokesperson of the central bank, told The Daily Industry: “In recent years, the Bangladesh Bank has issued several policies on IT and cyber security and monitors whether banks comply. However, cyber attacks are constantly evolving globally, and despite preventing many attacks, some still succeed. Banks need more skilled personnel in technology sectors, and the central bank is working on this.”
Expansion of Digital Banking: Bangladesh’s banking infrastructure has grown substantially. As of March 2025, there were 16.57 crore deposit accounts and 1.34 crore loan accounts. Banks operate 11,381 branches, 12,925 ATMs, and 7,345 CRM systems. Additionally, 1,33,150 POS machines are deployed in retail outlets and restaurants.
Mobile financial services (MFS) agents number 14.3 lakh, with 14.5 crore MFS account holders, excluding “Nagad.” Agent banking outlets total 21,080. Collectively, nearly 50 crore bank accounts exist, with 4.34 crore debit cards, 2.95 lakh credit cards, and 70.39 lakh prepaid cards in circulation. Internet banking serves 1.13 crore customers, highlighting the scale and digital dependence of the banking sector.
Financial Impact of Cyber attacks: The study highlights that the majority of online fraud in Bangladesh’s banking sector involves SWIFT-related activities, accounting for 72% of incidents. Bank software is used in 20% of cases, ATMs and plastic cards in 3%, mobile banking and cheque processing in 2%, and internet banking in 1%.
The increasing dependence on digital systems makes cybersecurity a critical factor for both financial stability and public trust. The combination of sophisticated external attacks, internal vulnerabilities, and low awareness among employees and customers represents a significant risk to the country’s financial ecosystem.
Bangladesh’s banking sector is undergoing rapid digitization, which is essential for financial inclusion and efficiency. However, the surge in cyberattacks, primarily originating from China, North Korea, and Russia, coupled with internal vulnerabilities and low awareness, has exposed systemic weaknesses.
Experts and the central bank agree that strengthening cybersecurity through strategic investment, staff training, awareness programs, and robust oversight is essential to safeguard the country’s digital financial infrastructure. Without decisive action, the sector remains exposed to both financial and reputational risks, which could undermine confidence in Bangladesh’s burgeoning digital economy.
