“The risk that companies in the financial sector will fall victim to cyberattacks or that internal IT security incidents will occur is very big and very present,” BaFin president Mark Branson told a press conference.
In extreme cases, “such incidents could damage the stability of the financial system”, he said.
“Are we prepared for a really serious security incident? If we are honest, we don’t know,” Branson added.
Ukraine and its Western allies have been on heightened alert for potential Russian hacking attempts since Moscow invaded its neighbour on February 24th.
The “Five Eyes” intelligence sharing network — consisting of the United States, Britain, Canada, Australia and New Zealand — warned in April that “evolving intelligence” indicated Russia was planning massive cyberattacks against rivals supporting Ukraine.
The war in Ukraine “has made cyberattacks on the German financial sector more likely,” Branson told reporters in Frankfurt.
The Bafin watchdog is monitoring the situation closely, he said, in cooperation with Germany’s National Cyber Defence Centre. Bafin was also keeping financial firms updated on potential attack patterns, he said.
Last month’s “Five Eyes” alert said Russian state-sponsored cyber actors have the ability to compromise IT networks, to steal large amounts of data from them while remaining hidden, to deploy destructive malware and to lock down networks with “distributed denial of service” attacks.
The alert identified more than a dozen hacking groups, both parts of Russian intelligence and military bodies and privately operated, which present threats.
Germany has in recent years repeatedly accused Russia of state-sanctioned hacking efforts.
The most high-profile incident blamed on Russian hackers to date was a cyberattack in 2015 that paralysed the computer network of the lower house of parliament, the Bundestag, forcing the entire institution offline for days while it was fixed.
Russia denies being behind such activities.