Cyberattacks pose an "escalating credit risk" to the asset management industry, and asset managers' cybersecurity programs appear to be less advanced than those of large financial institutions, Moody's reported.
The WannaCry ransomware attack that paralyzed hospitals, banks and railways in Europe has highlighted the threat of a cyber attack to all companies, the ratings agency wrote. The asset management industry is exposed to "reputational, monetary, litigation, and operational risks," Moody's said.
A serious attack may not put client assets at risk, since funds are kept at custodial banks. But the reputational harm after a serious attack could lead to outflows if clients perceive that their assets or personal information are at risk.
The ratings agency found that though asset managers are addressing the threat, risks remain. Companies in the industry continue to rely on third-party vendors to handle cybersecurity, Moody's found. While such vendors provide "modern and robust defenses," they give cyber criminals more points of entry into asset managers' systems.