CONTRARY to common expectations, big banks are not automatically well-equipped to combat the rapidly growing problem of cybercrimes.
An analysis jointly conducted by Fitch Ratings and SecurityScorecard, a leading cybersecurity risk assessment company, has revealed that banks with higher credit ratings typically exhibited better cybersecurity scores than banks with lower credit ratings, while developed market banks scored higher with less variability vs emerging market banks.
Nevertheless, the most surprising conclusion in Fitch’s sample analysis is that financial size in terms of assets or operating income is not necessarily a good predictor of cyber health.
“Larger banks are more likely to have complex and also legacy IT (information technology) infrastructure compared to smaller banks which could increase cybersecurity risk if not properly managed,” Fitch Ratings’ managing director Christopher Wolfe pointed out.
The international rating agency has collaborated with SecurityScorecard to gain insights into bank cyber risk management and their relative vulnerability to a cyber event.
SecurityScorecard provides an “outside-in” view of an entity’s cyber hygiene, enabling market participants to understand cybersecurity risk in a transparent way with continuous cybersecurity scores.
Using SecurityScorecard’s cybersecurity scores, Fitch analysed 484 banks across the world, representing US$111 tril of aggregate assets or 70% of global banking assets.
Cybersecurity risk is a subset of the risk controls and risk appetite component of Fitch’s bank rating criteria.
A material cyber breach would represent an event risk which could have rating implications.
While Fitch has not downgraded a bank solely in response to a cybersecurity event to date, cyber breaches have resulted in heightened rating sensitivities for banks, indicating that their ratings are at more risk of a downgrade as a result of the breach.
“Cybersecurity risk scores bring visibility into this opaque risk, and these insights can help spotlight vulnerabilities,” suggested Wolfe. – April 14, 2021