Digital opening raises cyber risks, says S&P

MANILA, Philippines — S&P Global Ratings said the threat of cyberattacks is rising in Asia Pacific, prompting the need for industry-wide and cross-border information sharing to strengthen cybersecurity in the region.

In a commentary titled “Asia Pacific Banks’ Digital Opening Raises Cyber Risks,” S&P said increasingly interconnected banking systems are exposed to incursions that are rising in frequency, scale and sophistication.

“While we believe banks in the region are reasonably prepared to manage such risks, an institution could be badly damaged in an attack, monetarily and reputationally,” the debt watcher.

According to S&P, Asia Pacific regulators need a dogged determination to understand and manage risks to prevent attacks.

“This points to the need for collaboration, and cross-border information sharing to build cyber resilience across entities to prevent systemic risk. Regulators are key to setting standards for banks, and guiding them toward collaboration,” it said.

The Philippines, for one, continues to step up its efforts to address cybersecurity risks.

As early as 2017, the Bangko Sentral ng Pilipinas (BSP) issued a circular addressing internet threats.

The circular highlights the role of the board and senior management to create sound information-security governance, including a strong security culture.

Furthermore, S&P pointed out that the central bank also tightened the reporting regime of supervised institutions.

Under the guidelines, the BSP requires entities to disclose cyberincidents within two hours, tightened from a prior standard of 10 calendar days.

“Faster reporting aims to enhance the industry responsiveness. The central bank has also fine-tuned its policies to promote automated, real-time systems to detect fraud,” S&P added.

The credit rating agency said the region’s more open and interconnected banking systems raise the threat of hacks and data breaches.

It said financial institutions are increasingly on the cloud, sharing client data with a fintech firm, or relying on third-party service providers. With the addition of each new partner into a digital system, hackers get a new point of entry.

“The pandemic has also conditioned much of Asia Pacific to work from home, and to get their financial services on the internet. As banking moves online, the scope for cyber attacks rises,” S&P said.

On top of creating direct monetary losses, the debt watcher said that data breaches damage the reputation of a bank and could hit a bank’s credit profile.

“In jurisdictions where the entire industry incurs repeated, serious data breaches, or where regulators are particularly lax, we may downgrade our rating scores on all banks,” it warned.