‘Digitalization further exposes banks to cybersecurity risks’
Increased digitalization and accelerated work-from-home arrangements in response to the COVID-19 pandemic may further expose the banking industry to cybercriminal activities, according to S&P Global Ratings.
In a report, S& P analyst Irina Velieva said cyberattacks could harm the credit ratings of financial institutions mainly through damage and potential monetary losses.
“Cyberattacks have had only a limited effect on bank ratings to date, but could trigger more rating actions in the future as cyberincidents become more frequent and complex,” Velieva said.
The debt watcher said banks and other financial institutions are attractive targets for cybercriminals because they possess valuable personal data and play a critical role in servicing particular financial or economic needs and segments.
It warned institutions with weak risk governance are less prepared for, and therefore more vulnerable to cyberattacks.
Although it is crucial to learn from previous attacks and strengthen cybersecurity risk frameworks in real time, S&P said the appropriate detection and remediation of attacks takes precedence because the nature of threats continue to evolve.
“We believe cyberdefense will become an increasingly important part of entities’ general risk management and governance frameworks, in need of increasing spending and more sophisticated tools. We acknowledge, however, that this might not be straightforward for many entities, especially the ones with weaker risk-control frameworks and insufficient budget allocated for cyberdefense,” S&P said.
The international rating agency said a large-scale cyberattack could potentially have a considerable impact on an institution’s ability to service its obligations in full and on time.
“The financial industry is a key target of cybercriminals because banks and other financial institutions store sensitive personal data and possess valuable information regarding financial transactions. Increasing digitalization in the banking system, and accelerated work-from-home arrangements in response to the COVID-19 pandemic, have further exposed the industry to cybercriminal activity by significantly increasing online communication,” it said.
US-based software company Guidewire said that most publicly available cybersecurity incidents at financial institutions are related to data breaches. The number of ransomware attacks is also on the rise.
Relatively large financial institutions continue to be the most frequent targets of reported successful attacks, accounting for 26 percent followed by public administration with 13 percent, health care with 11 percent, education and research with nine percent, manufacturing with seven percent, among others.
S&P said a bank’s business stability could be impaired by loss of customer confidence as a result of a successful attack.
It added potential losses from cyber events could lead to material losses and, in turn, hurt a bank’s capitalization. Poorly managed cyber risks could expose structural weaknesses of a bank’s risk management.
“We also consider the ability to manage and prevent cybersecurity risks as part of our management and governance assessment,” S&P said.