The Increasing Credit Relevance of Cybersecurity
Firms should seek to learn from past cyberattacks and take active measures to prevent and detect future threats. Given the importance of cyber-risk governance for credit ratings, the benefits of robust cybersecurity will likely extend beyond the digital realm.
LONDON – The recent ransomware attack that shut down the Colonial Pipeline in the United States exemplifies the growing sophistication of cyberattacks over the past 12 months. Ever since the Colonial attack, there have been attacks involving the insurance sector in Asia, a European truck lease provider, a French distressed debt purchaser, and a global food company. All involved ransomware demands and highlighted attackers’ ability to choose targets without regard for geography or sector.
Nor are attacks limited to listed firms: sovereign states and public institutions are acutely vulnerable, too. We have seen attacks on the US city of Hartford, numerous Texas school districts, and, more recently, on the Irish health-care system.
Not surprisingly, cyber risk is becoming an increasingly important factor in determining credit ratings. At S&P Global Ratings, we have seen more credit-relevant cyber events in the last six months than in the previous six years, and we routinely reflect on recent cyber developments to sharpen our focus. Our most recent assessments have reinforced many of our previous views, but our perspective on managing cyber risk continues to evolve.