Credit agencies look closer at how companies respond to cyberattacks

Rating firms are placing more weight on cybersecurity in determining a company’s creditworthiness

S&P Global Ratings analysts have already downgraded companies and government agencies that were hacked and failed to communicate important information due to outages, as well as the resulting financial damage of these attacks.

“Cybersecurity has become part of a company's reputation,” said Tony Asher, chief information security officer of Micah Group. “Credit bureaus, partnerships, customers and investors are considering reputation as part of their decision making process.”

Last April, S&P downgraded software company SolarWinds Corp. to a B rating from a B+ after a cyberattack in 2020 impacted several government and private-sector customers.

While SolarWinds communicated clearly and issued security fixes to customers, but the initial loss of clients, as well as new investment in security spending, hurt the business.

Fitch Ratings and Moody’s Investors Service have also issued reports and warnings on the impact of cyberattacks.

Learn more at wsj.com.