Banks are a "natural target" for cyber criminals and could see their credit ratings cut if they have weak defences or they are hacked, Standard & Poor's warned. "We view weak cybersecurity as an emerging threat that has the potential to pose a higher risk to financial firms in the future, and possibly result in downgrades," the ratings agency said on Tuesday.
S&P's credit analyst Stuart Plesser said banks' retail presence, the value of the data they hold and their role in the financial system made them "natural targets facing a high threat of cyber-risk" and a successful attack could create reputational risk and "serious monetary and legal damages."
S&P said although some banks' systems had been breached by cyber criminals, it had not taken ratings action against any bank because the breaches had not caused significant reputational or monetary damages. It said it viewed the global credit risk of a cyberattack as 'medium' because large banks have taken appropriate steps to mitigate known risks. "Among those steps are making it a high internal priority to install the proper measures to defend against attacks and upping the budget for cyberdefense," Plesser said.