Given all the things that could hurt public finance institutions' credit ratings, a cyberattack need not be one of them, advises S&P Global Ratings.
“Attacks on state and local governments, utilities, hospitals, and schools underscore the vulnerability of the nation's infrastructure to well-designed cyberattacks,” the credit rating firm said in a report issued March 13 on how to beef up cybersecurity.
Although no cyberattack has caused a change in a U.S. public finance entity's rating so far, “we do see these attacks as introducing additional credit risk,” said the report, adding that S&P frowns on institutions keeping data breaches — or attempts — under wraps.
“We encourage full disclosure of any attack and will be asking about such events in our rating and surveillance meetings,” the report said.
This isn't the first time S&P has asked debt issuers about cybersecurity risks, Geoffrey Buswick, sector leader for U.S. public finance at S&P Global Ratings, said in an email.
But due to the “increasing frequency of these events,” it issued its report to address questions from issuers and industry trade associations, Mr. Buswick added.