Cyberattacks have had a modest impact on bank ratings to date, but if cyber incidents become more frequent and complicated, they may prompt more rating actions in the future.
According to S&P Global Ratings, after the Covid-19 Pandemic accelerated digitalisation and remote working, the banking sector is becoming more vulnerable to cybercrime and this can impact its ratings.
In a report titled ‘Risk In A New Era: The Effect On Bank Ratings.’ the ratings agency stated that cyber attacks can impair credit ratings primarily through reputational damage and significant monetary losses.
Banks and other financial organisations are potential targets for cyber attackers because they hold valuable personal data and serve specific financial or economic requirements and segments.
Commenting on the report, Credit Analyst Irina Velieva, said “Cyber attacks have had only a limited effect on bank ratings to date but can trigger more rating actions in the future as cyber incidents become more frequent and complex,”
Muted Governance
Institutions with poor risk governance are less prepared for cyber attacks and thus more vulnerable, according to the report.
S&P said that “Although it is crucial to learn from previous attacks and strengthen cyber-risk frameworks in real time, the appropriate detection and remediation of attacks takes precedence because the nature of threats will continue to evolve,”
According to S&P, cyber defence will become a more critical aspect of entities’ general risk management and governance frameworks, necessitating increased expenditures and more advanced tools.
Banks are under Threat
According to the RBI’s annual report for 2019-20, the amount involved in banking frauds increased 2.5 times from Rs 71,500 crore in 2018-19 to Rs 1.85 lakh crore in 2019-20.
The Internet banking system is made up of many different applications, networking devices, internet service providers, and several entities. All of them are possible entry points for hackers.
Several banks and financial institutions rely on merchants and fintechs to provide third-party services. If those outsider merchants don’t have adequate cybersecurity in place, the bank could find itself in problem.
Spoofing is the process of hackers recreating a website that appears and functions exactly like a financial institution’s website’s URL. When clients enter their login information on a spoofed website, the data is stolen and used by fraudsters later.
Cybercriminals can perpetrate fraud using a person’s personal and financial information. A bank’s data breach might result in the bank’s customers’ information being sold or acquired on the dark web by other cybercriminals.