Cybersecurity threats are an increasing credit risk for U.S. financial institutions, says Moody’s Investors Service in a new report published on Wednesday
The credit rating agency recently surveyed U.S. banks to assess how they conduct cybersecurity. Among other things, that survey finds that external cybersecurity firms are banks’ first, and main, line of defense against cyber attacks. Banks are leaning heavily on external firms due to a lack of in-house expertise, the Moody’s report says.
In particular, the survey finds that banks use on average 12 cybersecurity vendors for a variety of services. “Given that many cyber defense firms are at the forefront of identifying, and resolving, new risks, this is a positive for banks,” the Moody’s report says.
However, relying on outside vendors has potential shortcomings, the report notes. “For example, a vendor may not provide services which are customized and flexible for all potential scenarios,” the Moody’s report says. “As such, we expect banks’ internal cybersecurity teams to grow as internal competencies improve, yet vendors will continue to plan an important long-term role.”
Additionally, the survey finds that the boards at most financial institutions only began placing a high priority on cybersecurity in the past few years, and most banks now have incident response plans in place to deal with cyber attacks.
“Cyber attacks can have serious tangible consequences for banks, exposing them to legal action, regulatory scrutiny, fines and other unexpected expenses,” says Jason Grohotolski, vice president and senior credit officer at Moody’s, in a statement. “Moreover, a bank’s reputation for reliability and safety is at stake.”
Photo copyright: rabbit75123/123RF