Cybersecurity and Credit Risk
Recent headlines confirm that cybersecurity attacks are an ever-present and growing risk to corporations, financial institutions, governments, and other entities. According to Specops Software research, the U.S. was the most targeted country for cyberattacks between May 2006 and June 2020, followed by the United Kingdom and India. Even corporations and countries in which key economic agents and the government spend a substantial amount of time and resources on comprehensive cybersecurity plans and infrastructure are exposed to significant risks.
Assessing an issuer’s management performance and capability has long held a prominent role within Kroll Bond Rating Agency’s (KBRA) credit process. In KBRA’s view, it is important for an issuer’s management team to understand its environmental, social, and governance (ESG) risk profile to mitigate or capitalize on relevant ESG risks and opportunities. KBRA has identified a subset of the most common ESG factors that can be credit-relevant for corporate, financial, and government issuers. These risks include, but are not limited to, stakeholder preferences and reputational risk, climate risk, and cybersecurity risk.
In this report, KBRA focuses on the increased exposure to cybersecurity risk that corporates, financial institutions, and government issuers face, as well as the potential credit implications. Through our research, we have developed potential questions to assess the quality of an issuer’s cybersecurity systems, which are included at the end of this report.
TO DOWNLOAD THE FULL REPORT, PLEASE CLICK HERE.