Cybersecurity is becoming an increasingly important part of credit rating assessments as credit rating agencies assess the risks facing companies.
The potential impact of cyberattacks on a company’s creditworthiness is “real and significant”, according to Scott Kessler, global sector lead for technology, media, and telecommunications at investment research firm Third Bridge. Companies are dedicating more resources to cybersecurity, and in many cases, it is a requirement to have certain protections in place.
Cybersecurity is still a relatively small part of credit rating assessments, but experts say that companies need to be focused on cybersecurity as they try to mitigate risks and assure lenders that they are doing so.
Companies that deal with any type of risk in their business model need to focus on cybersecurity, as what they do from a cyber policy and staffing standpoint is crucial to how attractive they are for investments and doing business.
Colby Stilson, partner, portfolio manager, and co-head of the global taxable fixed income team at Brown Advisory, said that if a company has a breach and does not have the right governance in place to avoid risk, there are very real monetary damages associated with that kind of event.
An event catastrophic enough could lead to the downgrade of a company’s credit rating, with massive implications for the company’s cost of capital and investors in its bonds.
Smaller companies are not investing as much in cybersecurity as their larger counterparts, according to Lesley Ritter, a vice president and senior credit officer leading cyber risk for Moody’s Investors Service.
Gerry Glombicki, senior director at Fitch Ratings’s insurance group, said that humans are the most significant source of risk for cyber incidents.
While companies can enable multi-factor authentication, give staff awareness training or buy anti-virus software to prevent a hack, if the wrong person clicks on the wrong link, all of that stuff doesn’t matter.
Recent victims of cyberattacks, such as Equifax and SolarWinds, said that they’ve been able to bounce back by focusing on cybersecurity investments.
