S&P GLOBAL RATINGS warned of emerging risks to banks’ credit ratings caused by the rise of cyberattacks during the pandemic.

The ratings agency in a note titled “Cyber Risk In A New Era: The Effect on Bank Ratings” said it would gauge the cyber risks of a financial institution both at the system-wide and entity-specific level.

“Cyber attacks have the potential to harm credit ratings through reputational damage as well as monetary loss. Nevertheless, in the event of a large-scale attack on a systemic bank or several large institutions we could foresee governments taking measures to stabilize the sector,” S&P said in a report.

Based on data from S&P and US based Guidewire Software, Inc., financial institutions (26%) received the most frequent cyberattacks from 2016 to 2020, followed by other sectors such as public administration (13%) and healthcare (11%).

From a system-wide banking analysis, events including repeated, serious breaches of security in a given country, or a sense of a more reactive than proactive response from financial institutions in strengthening cybersecurity frameworks could be a risk to bank ratings.

Meanwhile, bank-specific factors that may have an impact on assessment of bank ratings include impaired business stability due to loss of confidence from an attack and material losses that could hurt lenders’ capitalization due to cyber events.

S&P said cyber risks may also be exposed through structural weakness of banks’ risk management and reputational damage caused by a cyber event that could lead to sudden outflows of clients’ funds in an extreme scenario.

“In our view, the key to cyber resilience lies in risk management action, both before and after an attack,” the ratings agency said.

Bangko Sentral ng Pilipinas Governor Benjamin E. Diokno said earlier this month that a major cyberattack could affect the stability of the financial system. He vowed that the central bank would remain vigilant against new cyberthreats.

In April, the central bank required its supervised financial institutions to report within five calendar days from determination of an incident events that affect banks’ reputation.

A study by the Anti-Money Laundering Council on financial crime trend during the early part of the pandemic showed cases such as skimming, phishing, and unauthorized transactions made up 49% of suspicious transaction reports in the first few months of the pandemic. — Luz Wendy T. Noble