Hackers Are A Growing Risk To Bank Ratings, S&P Says

By Lucia Osborne-Crowley
Law360 is providing free access to its coronavirus coverage to make sure all members of the legal community have accurate information in this time of uncertainty and change. Use the form below to sign up for any of our weekly newsletters. Signing up for any of our section newsletters will opt you in to the weekly Coronavirus briefing.

Sign up for our Corporate Crime & Compliance UK newsletter

You must correct or enter the following before you can sign up:

Select more newsletters to receive for free [+] Show less [-]

Thank You!



Law360, London (May 25, 2021, 11:31 AM BST) -- The growing threat of cyberattacks in the wake of the COVID-19 pandemic and increased remote working could lead to banks having their ratings downgraded, S&P Global has warned.

The global ratings agency said in a report on Monday that the banking sector is more exposed to cybersecurity threats after a year of the coronavirus outbreak and the increased reliance on home working and digital technology. S&P also warned that banks should ramp up their protection against online crime.

"Cyberattacks have had only a limited effect on bank ratings to date, but could trigger more rating actions in the future as cyber-incidents become more frequent and complex," Irina Velieva, S&P Global Ratings credit analyst, said.

Virtual attacks can harm banks' ratings through damage to their reputation and, in some cases, loss of money, S&P said. 

The ratings agency added that the banking sector is a particularly attractive target for online criminals because lenders hold vast amounts of customers' personal data. That means that cybersecurity should become a higher priority for banks and financial services companies when they design strategies to manage risk, S&P said.

"We believe cyber-defense will become an increasingly important part of entities' general risk management and governance frameworks, in need of increasing spending and more sophisticated tools," the agency said.

Banks should focus on prevention and on finding ways to detect hacks before they become major cybersecurity problems, S&P added.

The ratings agency published a report in March showing that cyberattacks have become more sophisticated during the pandemic — and more frequent. The number of so-called distributed denial-of-service attacks — in which a hacker aims to shut or slow down a target by overwhelming its network or servers with a flood of data — has risen.

The Solicitors Regulation Authority warned in 2020 about cybercrime, particularly during the pandemic, after it found that criminals stole more than £4 million ($5.6 million) from law firms in England and Wales in three years.

Cyberattacks can cost companies hundreds of thousands of dollars, or even more. Insurance broker Hiscox said in April that 43% of the 6,000 companies in eight countries it surveyed had suffered a cyberattack in 2020, up from 38% in the 12 months before.

Interpol, the international policing body, warned in August of an "alarming" rise in online attacks during the pandemic, many of which targeted major corporations and governments. 

UK Finance, the trade body of Britain's banking and financial services sector, and the Financial Conduct Authority have been approached for comment.

--Additional reporting by Irene Madongo. Editing by Joe Millis.

For a reprint of this article, please contact reprints@law360.com.

Hello! I'm Law360's automated support bot.

How can I help you today?

For example, you can type:
  • I forgot my password
  • I took a free trial but didn't get a verification email
  • How do I sign up for a newsletter?
Ask a question!