Singapore, Sep 19 (ANI): The key to cyber risk resilience is a combination of risk management actions -- both pre- and post-attack -- according to a report by S&P Global Ratings.
There are a number of high profile and state-backed sectors for which prevention is crucial, given the frequency and impact of such attacks, said the report titled 'Cyber Risk In A New Era: Remedy First, Prevent Second.'
These may include the utilities sectors, financial service companies, healthcare providers, infrastructure, local governments and other providers of public necessities.
However, for most corporates and financial institutions, given the importance of reputation and customer confidence, appropriate detection and risk management in the wake of an attack can be the key differentiating factor to prevent a balance sheet event from escalating to one that affects an entity's brand, reputation or wider business profile.
"Although it is crucial to learn from previous attacks and strengthen cyber risk frameworks in real-time, the appropriate detection and remediation of attacks takes precedence as the nature of threats will continue to evolve," said S&P Global Ratings credit analyst Simon Ashworth.
"Entities that do not have a well-tested playbook to help define and shape their activities following an attack will be disadvantaged and could become more exposed to future attacks," he added.
"Leadership, communication and external transparency are key to limiting the damage caused by a cyber attack. From a credit perspective, we believe that these factors are the most important in limiting potential rating changes post-attack," said Ashworth.
Attacks that disrupt or inhibit operations (potentially cloud-based attacks, malware or denial of services) may have a more meaningfully negative effect on credit ratings than those that target the theft of customer data, especially in the case of less material reputational damage or data-related regulatory fines.
In such cases, S&P Global Ratings, the bar for swift and appropriate action is even higher to avoid negative credit rating actions.
As attacks become more prevalent, entities that handle them well will ensure a better outcome, in terms of both protecting profitability streams as well as their reputation with customers.