Russia/Ukraine war increases spillover risks of global cyberattacks
Cyberattacks on businesses and government agencies have increased following the Russian invasion of Ukraine, with the risk of spillover cyberattacks against non-primary targets becoming much more widespread.
Heightened risk exists particularly for issuers conducting business in these countries or with their governments, as well as for entities or countries that impose sanctions or deemed to interfere, says Fitch Ratings.
Potential targets include critical infrastructure such as financial services, governments and utilities. The 2017 NotPetya attack is an example of a cyberattack that underscores the spillover risk to entities outside of Ukraine. That attack initially targeted Ukrainian government and financial entities but ultimately affected computer systems across the globe, costing billions of dollars in damages.
The current conflict amplifies the broader trend of increased volume, size and sophistication of attacks, with corresponding significant financial, reputational and legal risks to issuers. Corporate IT teams handled 623 million ransomware attacks in 2021, up 105% YoY, according to security vendor SonicWall.
The firm reports an 1,885% increase in attacks on government targets, healthcare (755%), education (152%) and retail (21%). Issuers that focus on cyber resiliency, continual threat assessment and business continuity/disaster recovery while working with industry partners and segmenting their IT infrastructure to reduce cyber risks should be best prepared to mitigate the damage from potential attacks.
In assessing the credit impact of a cyber event, Fitch will focus on rating headroom relative to previously established rating sensitives, which may include sustained payment interruption, changes in access to funding, potential impact on an entity’s operations and lasting effects on its franchise or reputation. While Fitch views an increase in cyber attacks as a credit negative, every incident will be evaluated within the context of each issuer’s credit profile.
Cyber insurance is key risk management tool. However, increased scrutiny regarding “acts of war” exclusions in policies has led insurers to clarify cyber policy language and address “silent cyber” issues by adopting wording that specifically excludes or affirms coverage of cyber events. Insurers have also incorporated coverage sublimits for cyber insurance, increased premiums, and/or required stronger cyber hygiene for the insured.
Government agencies globally have highlighted increased cyber risk amid the deepening crisis. Earlier this year, the U.S. Cybersecurity and Infrastructure Security Agency, the Federal Bureau of Investigation and the National Security Agency issued a joint advisory, warning critical infrastructure entities of increased risk of Russian state-sponsored attacks.
The U.S. Department of Homeland Security warned in a Jan. 23 memorandum that operators of public infrastructure could be targeted as a result of geopolitical tensions. In the past month, the UK’s National Cyber Security Centre and Financial Conduct Authority warned large organizations to bolster their cyber defenses and the European Central Bank asked banks to strengthen their cyber hygiene measures. The Australian Cyber Security Centre has also encouraged organizations to urgently adopt an enhanced cybersecurity position. This is a fluid situation that Fitch is closely monitoring.