The banking sector is becoming more exposed to cybercrime after the COVID-19 pandemic accelerated digitalisation and remote working, says S&P Global Ratings in a report titled "Cyber Risk In A New Era: The Effect On Bank Ratings".
Cyber attacks can harm credit ratings, mainly through reputational damage and potential monetary losses. S&P's credit analyst, Irina Velieva, says, "Cyberattacks have had only a limited effect on bank ratings to date, but could trigger more rating actions in the future as cyber incidents become more frequent and complex."
As per the report, banks and other financial institutions are attractive targets for cyber criminals because they possess valuable personal data and play a critical role in servicing particular financial or economic needs and segments. Institutions with weak risk governance are less prepared for, and, therefore, more vulnerable to, cyber attacks, it says.
"In our analysis, we seek to understand how a financial institution manages its cyber risk exposure and how it would act after a potential attack to limit the damage. Although it is crucial to learn from previous attacks and strengthen cyber-risk frameworks in real time, the appropriate detection and remediation of attacks takes precedence because the nature of threats will continue to evolve," the report says.
S&P says it believes cyber defence will become an increasingly important part of entities' general risk management and governance frameworks, in need of increasing spending and more sophisticated tools.
"We acknowledge, however, that this might not be straightforward for many entities, especially the ones with weaker risk-control frameworks and insufficient budget allocated for cyber defence," the report concludes.