Cybersecurity and Credit Risk
Insider Engage, is part of the Delinian Group, Delinian Limited, 4 Bouverie Street, London, EC4Y 8AX, Registered in England & Wales, Company number 00954730
Copyright © Delinian Limited and its affiliated companies 2023

Accessibility | Terms of Use | Privacy Policy | Modern Slavery Statement

Cybersecurity and Credit Risk

Hacker attacking internet
Credit:Milan_Jovic/Getty Images

Recent headlines confirm that cybersecurity attacks are an ever-present and growing risk to corporations, financial institutions, governments, and other entities. According to Specops Software research, the U.S. was the most targeted country for cyberattacks between May 2006 and June 2020, followed by the United Kingdom and India.[1] Even corporations and countries in which key economic agents and the government spend a substantial amount of time and resources on comprehensive cybersecurity plans and infrastructure are exposed to significant risks.

Assessing an issuer’s management performance and capability has long held a prominent role within Kroll Bond Rating Agency’s (KBRA) credit process. In KBRA’s view, it is important for an issuer’s management team to understand its environmental, social, and governance (ESG) risk profile to mitigate or capitalize on relevant ESG risks and opportunities. KBRA has identified a subset of the most common ESG factors that can be credit-relevant for corporate, financial, and government issuers. These risks include, but are not limited to, stakeholder preferences and reputational risk, climate risk, and cybersecurity risk.

In this report, KBRA focuses on the increased exposure to cybersecurity risk that corporates, financial institutions, and government issuers face, as well as the potential credit implications. Through our research, we have developed potential questions to assess the quality of an issuer’s cybersecurity systems, which are included at the end of this report.


[1] The countries experiencing the most ‘significant’ cyber-attacks