Banks' IT complexity amplifies cyber risk

European banks have a potentially amplified vulnerability to cyber attacks due to the complex mix of new and legacy tech, common to the sector.

This is according to analysis conducted by S&P Global Ratings, which showed that, in the rare circumstances in which a major attack was successful at a large bank, a lender might suffer a loss, directly attributable to the event, of as much as 7% of its equity value - the kind of loss that could prove material to the assessment of a bank's credit quality.

The report, compiled using data from cyber security specialist Guidewire, highlights the inherent susceptibility of banking operations to cyber risk due to their hosting of sensitive data, exposure to reputational risk, and the possibility of regulatory punishment.

"Those dangers demand that a bank's cyber preparedness be considered when assessing creditworthiness," said S&P Global Ratings credit analyst Benjamin Heinrich. "And we consider that the complexity of many banks' IT systems, and a shortage of cyber security expertise and investment has compounded risks faced by the European banking sector."

    Share Story:


Modelling and measuring transition and physical risks
CIR's editor, Deborah Ritchie speaks with Giorgio Baldasarri, global head of the Analytical Innovation & Development Group at S&P Global Market Intelligence; and James McMahon, CEO of The Climate Service, a S&P Global company. April 2023

Cyber risk in the transportation industry
The connected nature of the transport and logistics industries makes them an attractive target for hackers, with potentially disruptive and costly consequences. Between June 2020 and June 2021, the transportation industry saw an 186% increase in weekly ransomware attacks. At the same time, regulations and cyber security standards are lacking – creating weak postures across the board. This podcast explores the key risks. Published April 2022.