The growing interconnectedness of digital networks and the expanded use of technology to deliver government services have increased governments’ exposure to cyberattacks, both through direct assaults on their own systems and through the impact of attacks on the broader economy,says Moody’s Investors Service.
While governments worldwide are increasingly vulnerable to cyberattacks, the associated risks to their credit quality are limited, says Moody’s in a new report.
“For bigger governments, including sovereigns and larger regional and local governments, the scale and diversification of their economies and sizeable financial buffers enhance their ability to withstand cyberattacks,” said Moody’s vice president David Rogovic.
“Smaller regional and local governments typically have fewer protections because of their smaller economies and more limited financial resources.”
In general, governments are attractive targets for cyber attackers as a result of their large financial resources, the essential services they provide and the sensitivity of the data they collect.
More sophisticated cyber actors, including state-sponsored groups with geopolitical interests, typically target sovereigns and are often driven by espionage or the intent to disrupt domestic politics, including through election interference.
In contrast, regional and local governments are typically targets of financial opportunity, including from ransomware attacks.
However, they are broadly resilient to cyberattacks from a credit quality perspective. Unlike private companies, governments oversee large and diverse economies, which helps distribute associated risks. Governments typically also have ample fiscal resources and taxing authority to absorb the potential financial costs of a successful cyberattack. Additionally, governments do not face the same types of reputational or regulatory risks as do private businesses following cyberattacks. Although a well-developed cybersecurity strategy does not necessarily reduce a government’s vulnerability to attack, it can reduce an attack’s severity.
Strong cyber defence capabilities can inform how quickly a government can respond to a cyber event, which will help limit the credit impact. These capabilities include ample cybersecurity resources, and cyber-specific incident and crisis management teams. In general, more advanced economies with stronger institutions tend to have the most developed cybersecurity strategies and defence capabilities.