Rising cyber risk in the securities sector poses a possible threat to the broader financial system, says Moody’s Investors Service.
In a new report, the rating agency said that the increasing digitization and interconnectedness of both securities firms and market infrastructure providers makes the sector “highly vulnerable to cyberattacks,” which could also represent a system-wide risk.
The list of possible attackers includes ideologically motivated hacktivists, criminals, nation states and insiders, Moody’s said.
The rating agency noted that hackers’ efforts are increasing and becoming more sophisticated “as the digitization of financial transactions creates a more target-rich environment.”
While the sector is well aware of the risk and deploys significant resources designed to detect, defend against and respond to cyberattacks, “sooner or later a damaging large-scale attack will occur,” Moody’s said.
Moody’s warned that the impact of such an attack could be substantial, both for the affected firm and for the financial system overall, noting that “a single, significant cybersecurity misstep could have material adverse business and credit consequences.”
“Much of the direct effect on a targeted company will depend on the nature, duration and severity of the attack, as well what allowed it to succeed. Any successful attack is likely to have financial, contractual, reputational and regulatory consequences,” Moody’s added.
For systemically important entities, such as central counterparty clearing houses (CCPs), Moody’s said that “the impact on counterparties and potential for government support will also come into play.”