As tensions rise over Russian actions in the disputed territories of Ukraine there has been a warning that the country faces the potential for a wave of cyber-attacks.
S&P Global Ratings has warned that it sees a heightened risk of additional cyber- attacks on Ukraine as the use of cyber warfare becomes a part of a nation’s military armoury. And it has warned that the threat of such attacks has the potential to spread above and beyond national borders.
In its latest report S&P said: “Cyber-attacks are becoming a more prevalent means of achieving foreign policy objectives, given their lower deployment costs relative to conventional military tactics and uncertain scope for retaliation. These attacks often undermine confidence in key institutions and infrastructure, which implies wider credit implications across sectors and geographies.
“This was the case in 2017 when a malware called “NotPetya” was distributed in Ukraine and caused weeks of disruption for about 7,000 companies across 65 countries globally, with estimated economic losses of $10 billion from disruption to operations and supply chains, cost of recovery and lost revenue. We believe that the economic impact from such an attack for entities could be more severe now, given increased interconnectedness and digitalization. We consider that issuers with weaker cyber governance and risk management are more exposed to rating implications”.
Cyber-attacks have become a key element of geopolitics, involving state and nonstate actors. The frequency and severity of cyber events are rising rapidly, and their impact ranges from mild disruption of activities to influencing regime change and attacks on critical physical infrastructure. The difficulty in identifying the source and motive of attacks makes nearly all rated sovereigns vulnerable to a geopolitically motivated attack. Advanced and developing economies alike are at risk.
It added given the still-ambiguous “act of war” exclusion clauses in insurance policies, we are monitoring potential credit impact of cyber-attacks on insurers and policyholders.
“Such an attack could create knock-on effects for corporations, governments, and other parties in the region and beyond,” said S&P Global Ratings credit analyst Zahabia Gupta. “We are monitoring if such attacks could spill beyond the country’s borders and their potential credit implications.”
The report added: “In the most severe scenario of military escalation, we consider that there could be disruptive cyber attacks on critical infrastructure in Ukraine, including communications and power systems, similar to the invasion in Crimea in 2014. However, even in a milder scenario where tensions de-escalate on the back of diplomatic efforts, we may still see cyber-attacks. Following the recent defacement of government websites and malware incidents in January 2022, Ukraine has reported attacks against websites of state-owned Oschadbank and Privatbank, the ministry of defence, and its armed forces in mid-February originating from several countries.
“There have also been several reports of possible cyber-attacks on the U.S. and EU financial sectors.”