Firms will increasingly risk credit rating downgrades if they fail to take cyber-security risks seriously, according to a senior figure at S&P Global.
Laura Deaner, global chief information security officer at the leading rating agency (SPGI), highlighted the risk to investment for firms not protecting themselves sufficiently against cyber-threats.
She was speaking at an event on cyber-security at the World Economic Forum (WEF) summit of global business, political and civil society leaders in Davos, Switzerland.
Organisers say the annual cost of cyber-attacks is expected to reach $6tn by 2021.
Panel chair Samir Saran, president of the Observer Reach Foundation security think tank, asked Deaner: “Do you think increasingly this will become a marker for investments, for credit ratings?"
Deaner replied: “Yes I do. We actually saw a downgrade of Equifax for instance by our competitor Moody’s.
“So they downgraded Equifax, and Equifax has been dealing with it since then. They’ve been doing a phenomenal job dealing with it. So this is a way of incentivising.”
Credit reporting firm Equifax was hit by a significant data breach in 2017, with a reported 147 million customers affected.
Moody’s said its decision to downgrade its rating outlook on the company was the first time cyber-security had been a factor in one of its decisions to change a rating.