Cyber risk is becoming increasingly relevant to insurer credit ratings, according to a new report from S&P Global Ratings.
S&P cited the Colonial oil pipeline attack in the U.S. in late spring as an example of the disturbing trend. The pipeline attack hampered oil deliveries on much of the U.S. East Coast for days, highlighting “the growing sophistication” and ramifications of cyber attacks as they evolve, S&P said.
“Even since the Colonial attack, there have been attacks on rated entities involving the insurance sector in Asia, a European truck lease provider, a French distressed debt purchaser and a global food company,” S&P noted. “All involved ransomware demands and highlighted attackers’ ability to choose targets without regard to geography or sector.”
Overall, S&P said it has noted “more credit-relevant cyber events in the last six months than in the previous six years.”
What can be done to mitigate this? S&P said “robust cybersecurity” remains vital,” with a focus on mitigating or preventing attack in areas including internal governance and IT software. S&P added that prompt remedial action, active detection, C-Suite support and a better understanding of risks from supply chains or third-party providers is also paramount.
S&P’s full report is “Cyber Risk in A New Era: The Increasing Relevance of Cybersecurity.”