Ukraine-Russia, global cyber escalation. Economic impact of over $ 10 billion

Critical infrastructures are targeted with devastating cascading repercussions, greater than those generated by the “Not Petya” malware which in 2017 caused the blocking of the digital systems of about 7,000 companies in 65 countries. Reports have already been received of possible cyber attacks on the financial sectors of the United States and the EU 22 Feb 2022 Patrizia Licata Journalist

The growing tensions between Russia and Ukraine with the threat of a large-scale armed conflict may also have an impact in terms of cybersecurity. And the economic impact could exceed $ 10 billion for nations and businesses. This was stated by S&P Global ratings: the agency notes a strong risk that Ukraine is the target of new and targeted cyberattacks. These hacker attacks could also spread beyond Ukraine's borders to target other nations and businesses in the surrounding area or beyond. A cyber attack "could have ripple effects on businesses, government and others in the region and beyond," said S&P analyst Zahabia Gupta. "We are monitoring whether this type of attack can spread beyond the borders of the country and its potential implications" in economic terms.

Index of topics • Even if diplomacy wins, the cyber risk remains high • The economic and credit impact according to S&P • Italy raises the alert level

Even if diplomacy wins, the cyber risk remains high In the event of a severe military escalation, S&P thinks there may be cyber attacks on Ukrainian critical infrastructure - from telecommunications to power grids - to disrupt its operation, similar to what happened in the 2014 invasion of Crimea. • Allows the sending of promotional communications relating to the products and services of third parties with respect to the Joint Controllers who belong to the manufacturing, services (in particular ICT) and trade branch, with automated and traditional methods of contact by the third parties themselves, to which the data is disclosed. But even with a hoped-for de-escalation and a return to diplomatic channels, cyber attacks are by no means excluded. Ukraine has already reported cyber incidents and violations of government sites and public companies, including Oschadbank and Privatbank, the Ministry of Defense and the Armed Forces, allegedly of Russian origin and originating in different countries. S&P says there have also been "reports of possible cyber attacks on the financial sectors of the United States and the EU". The United States and its allies, in fact, have already said they are ready to respond to Russian cyber attacks in the context of the Ukrainian crisis, with retaliatory actions or sanctions. S&P explains how attacks on IT systems are becoming an increasingly used weapon in crises given the "advantageous cost-benefit ratio": low cost of deployment compared to conventional weapons, uncertain retaliation in the face of the almost certainty of paralyzing public systems and private individuals and undermine trust in institutions and infrastructures, with related economic costs. The economic and credit impact according to S&P According to S&P, the economic impact of a large-scale hacker attack linked to the Russia-Ukraine crisis could exceed for those involved the estimated $ 10 billion for the 2017 "NotPetya" malware attack, because today the degree of interconnection and digitization is much higher. “NotPetya” was launched in Ukraine in 2017 causing the digital systems to shut down for about 7,000 companies in 65 countries for weeks. Those with weaker IT governance and risk management will be more exposed to rating impacts. S&P is also monitoring the potential credit impact of cyberattacks on insurers and policyholders, given the still ambiguous war risk exclusion clauses in insurance policies. Italy raises the alert level The alarm has also been triggered for Italian companies by the National Cybersecurity Agency directed by Roberto Baldoni. "In addition to the adoption of best practices in the field of cybersecurity and compliance with the measures provided for by current legislation, it is recommended to raise the level of attention, ”the agency said. The list of recommended measures is published on the Csirt website, the Computer Security Incident Response Team. "Although there are currently no indicators in this sense, the significant cyber risk deriving from possible collateral impacts on ICT infrastructures interconnected with the Ukrainian cyberspace is highlighted, with particular reference to entities, organizations and companies that have relationships with Ukrainian and with whom there are telematic interconnections (B2B connections, users on Ukrainian networks and vice versa, sharing of repositories or collaborative platforms) ”, states the national cybersecurity agency. "Such impacts could derive from the interconnected nature of the Internet, as malicious actions, directed towards a part of it, can extend to contiguous infrastructures as demonstrated by previous infections with global impact such as NotPetya and Wannacry".