The Emerging Risk of Borrower Cybersecurity Breaches to Lenders
Asset-based collateral field examinations have been a go-to method for providing lenders with timely assessments of the quality of the collateral securing outstanding or prospective loans. In addition to providing on-going monitoring on existing loan relationships, the field exam can also aid in the evaluation of borrowers’ accounting procedures and financial reporting capabilities.
As an added benefit to the standard collateral testing, the field exam also shines a light on risk areas that can exist outside the A/R-inventory “box.” Tax delinquencies, vendor relationships and changing market conditions are all areas that can threaten borrowers’ ability to repay their outstandings. The company’s cybersecurity environment is an emerging risk area lenders should consider as they make lending decisions.
Cybersecurity risk is the potential exposure to loss, or other adverse circumstances, emerging from an organization’s information systems. Although theft of intellectual property, destruction or loss of data, and monetary loss are the most commonly recognized risks, productivity losses and reputational harm can also result from cybersecurity breaches. Helping company stakeholders understand their cybersecurity environment through cybersecurity assessments as a standalone service or as a field exam add-on has become a priority for Moore Colson.
“We recognize how intertwined our IT environments have become with business operations and the potential impact on our client’s operations, reputation and livelihoods if those environments are exploited,” said Jon Powell, CPA/CITP, CISA, Moore Colson Partner and Cybersecurity Practice Leader. “We want to be able to offer our clients solutions on how to de-mystify cybersecurity, know where they truly stand and become more cyber-vigilant.”
As is the case with other potential threats, cybersecurity breakdowns can severely impact borrowers’ operations in a variety of ways.
“Any data breach will have multiple impact points to the business,” noted Powell. “There are endless examples of companies that were breached with intellectual property stolen such as PII, PHI, trade secrets and financial data. Oftentimes material dollar amounts were transferred out of the company. These losses offer an immediate hit to a company’s brand reputation.”
Not only will cybersecurity breaches impact brand reputation, but they also have the potential for legal (PII and PHI data is now public), financial (private financial detail is now public) and operational (the secret “sauce” is now public) ramifications as well.
Assessing borrowers’ cybersecurity framework gives the lender a glimpse into potential vulnerabilities, which marries well with the established field exam structure. Assessment results also provide borrowers with insights needed to prioritize the development of cyber strategies, especially as remote work has become an integral part of companies’ operations. Ultimately, properly assessing cybersecurity and acting on results provides immense value to both the borrower and lender.