The reason firms may take cyber-threats more seriously in the 2020s

Tom Belger
Finance and policy reporter
A senior S&P Global figure warned over credit ratings and cyber-security. Photo: ALASTAIR PIKE/AFP via Getty Images

Firms will increasingly risk credit rating downgrades if they fail to take cyber-security risks seriously, according to a senior figure at S&P Global.

Laura Deaner, global chief information security officer at the leading rating agency (SPGI), highlighted the risk to investment for firms not protecting themselves sufficiently against cyber-threats.

She was speaking at an event on cyber-security at the World Economic Forum (WEF) summit of global business, political and civil society leaders in Davos, Switzerland.

Organisers say the annual cost of cyber-attacks is expected to reach $6tn by 2021.

READ MORE: Tech platforms benefit from ‘hate, abuse, and exploitation’

Panel chair Samir Saran, president of the Observer Reach Foundation security think tank, asked Deaner: “Do you think increasingly this will become a marker for investments, for credit ratings?"

Deaner replied: “Yes I do. We actually saw a downgrade of Equifax for instance by our competitor Moody’s. 

“So they downgraded Equifax, and Equifax has been dealing with it since then. They’ve been doing a phenomenal job dealing with it. So this is a way of incentivising.”

Credit reporting firm Equifax was hit by a significant data breach in 2017, with a reported 147 million customers affected.

Moody’s said its decision to downgrade its rating outlook on the company was the first time cyber-security had been a factor in one of its decisions to change a rating.