Large banks vulnerable to cyber threats: report

By James Langton | April 13, 2021 | Last updated on April 13, 2021
1 min read

Bigger banks aren’t necessarily better protected from cyber threats, according to a new report from Fitch Ratings.

In a report produced along with cyber-risk assessment company Security Scorecard, Fitch examined almost 500 banks, representing 70% of global banking assets.

Among other things, Fitch found that “big banks are not automatically well equipped to combat the rapidly growing problem of cybercrimes.”

While bigger banks have more resources, that’s not necessarily a proxy for adequate cybersecurity, the rating agency noted.

“Larger banks are more likely to have complex and also legacy IT infrastructure compared to smaller banks, which could increase cybersecurity risk if not properly managed,” said Christopher Wolfe, managing director at Fitch, in a release.

The review also found that banks with higher credit ratings typically have better cybersecurity scores than banks with weaker ratings, Fitch said.

Banks based in developed markets tended to score higher on cybersecurity, and with less variability, than emerging market banks.

Fitch noted that it has never downgraded a bank solely because of a cybersecurity breach, but a “material” breach is an event risk that could have rating implications.

“Cyber breaches have resulted in heightened rating sensitivities for banks, indicating that their ratings are at more risk of a downgrade as a result of the breach,” Fitch said.

James Langton headshot

James Langton

James is a senior reporter for and its sister publication, Investment Executive. He has been reporting on regulation, securities law, industry news and more since 1994.