Bigger banks aren’t necessarily better protected from cyber threats, according to a new report from Fitch Ratings.
In a report produced along with cyber-risk assessment company Security Scorecard, Fitch examined almost 500 banks, representing 70% of global banking assets.
Among other things, Fitch found that “big banks are not automatically well equipped to combat the rapidly growing problem of cybercrimes.”
While bigger banks have more resources, that’s not necessarily a proxy for adequate cybersecurity, the rating agency noted.
“Larger banks are more likely to have complex and also legacy IT infrastructure compared to smaller banks, which could increase cybersecurity risk if not properly managed,” said Christopher Wolfe, managing director at Fitch, in a release.
The review also found that banks with higher credit ratings typically have better cybersecurity scores than banks with weaker ratings, Fitch said.
Banks based in developed markets tended to score higher on cybersecurity, and with less variability, than emerging market banks.
Fitch noted that it has never downgraded a bank solely because of a cybersecurity breach, but a “material” breach is an event risk that could have rating implications.
“Cyber breaches have resulted in heightened rating sensitivities for banks, indicating that their ratings are at more risk of a downgrade as a result of the breach,” Fitch said.