Cyberattacks against financial institutions have become an increasingly important risk factor, and institutions that provide trade execution, clearing and settlement services are more vulnerable to attacks aiming for system disruption because of their interconnectivity with the financial system.
“Cyber risk is a growing threat that can adversely affect credit ratings as attacks can compromise customer data and disrupt websites, with detrimental financial or operational consequences for individual issuers and financial systems,” said Fitch Ratings analysts in a recent report. “Related reputational damage may weaken business and access to funding and capital markets.”
In the U.S., the chair of the Securities and Exchange Commission has said cyber-security poses the biggest risk to the financial system. Under the European Union’s General Data Protection Regulation, which takes effect in May next year, banks can face fines of up to 4% of their global turnover for security breaches; any organization that uses data from EU citizens has to comply with the rule. Fitch sees that some organizations, like The International Organization of Securities Commission’s Committee on Payments and Market Infrastructures, are seeking more coordination at the international level to combat the issue. The European Central Bank reports that the average lag until a breach is detected was 146 days in 2016, a drop from 205 days in 2014.
“As information is shared across firms, cyber risk detection and response plans could improve, but coordination does not ensure that risks can be fully contained,” Fitch notes.
The use of cyberinsurance to mitigate some of the damage from cyberattacks is on the rise, reaching about $1 billion in premiums in 2015 and expected to continue growing, though protection against reputational damage is more difficult to protect against, Fitch says.
– Nicholas Stern, senior editor