Cyberattacks could trigger more rating actions on banks, says S&P

Cyberattacks could trigger more rating actions on banks as such instances rise in frequency and become complex. They could harm ratings, mainly through reputational damage and potential monetary losses, according to Standard and Poor's.

The banking sector is becoming more exposed to cybercrime after the Covid-19 pandemic accelerated digitalization and remote working.

Rating agency said banks and other financial institutions are attractive targets for cyber criminals because they possess valuable personal data and play a critical role in servicing particular financial or economic needs and segments. Institutions with weak risk governance are less prepared for, and therefore more vulnerable to cyberattacks.
 

It is crucial to understand how a financial institution manages its cyber risk exposure and how it would act after a potential attack to limit the damage.

There are learnings from previous attacks and strengthening of cyber-risk frameworks in real time. Yet, the appropriate detection and remediation of attacks takes precedence because the nature of threats will continue to evolve, S&P said.

Cyber defense will become an increasingly important part of entities' general risk management and governance frameworks, in need of increasing spending and more sophisticated tools. However, this might not be straightforward for many entities, especially the ones with weaker risk-control frameworks and insufficient budget allocated for cyber defense.

The most publicly available cyber incidents at financial institutions are related to data breaches. The number of ransomware attacks is also on the rise. Relatively large financial institutions continue to be the most frequent targets of reported successful attacks.
 

No financial institution is immune to damaging cyber events. The institutions that do not invest enough in cyber security could be attacked frequently and successfully, it added.