March 12, 2024 (MLN): One-third of Fitch Ratings’ portfolio of local and regional governments (LRG) and policy government-related entities (GRE) have been affected by cyber incidents, according to a new report that outlines cases of cyber incidents and how these can affect ratings.
National governments are supporting sub-nationals to set up defenses against cyberattacks and the associated reputational costs that are growing concomitantly with the increase in digitalization of service provision.
Fitch believes there is a non-negligible risk of underfunding as allocations to provide training, build up cyber-defense systems and make provisions to cover possible losses compete with more traditional budgetary spending.
Almost none of the surveyed international public finance (IPF) issuers had to borrow to cover cyber-related costs or had incidents so severe to warrant a negative rating action, apart from JSC Ukrainian Railways (CC) for cyber concerns related to the war between Russia and Ukraine.
However, low exposure in some countries in Asia-Pacific may reflect heterogeneous reporting standards, i.e. differences in what constitutes a cyber incident, and disclosure obligations, i.e. when issuers are mandated to make incidents public.
Actual cyber incidents or issuers’ perceived cyber weaknesses can negatively affect their rating and their Standalone Credit Profile via supply (cost) or demand (revenue) risk drivers. These would also be reflected in Fitch’s observational ESG considerations scores.
