Cyberattacks Hit Debt-Market Pricing at the Biggest Nordic BankBy
Nordea is designing corporate products to reflect cyber risks
Development comes as data protection dominates world headlines
Nordea Bank AB will start pricing debt products to reflect threats to data as the scandal engulfing Facebook Inc. redefines corporate risk.
Mathias Leijon, co-head of corporate and investment banking at Nordea in Stockholm, says his team has been thinking “a lot about this” risk, with a key question emerging as, “How do you include the cost associated with cyber security that has the potential impact to be very severe?”
The Nordic region’s only global systemically important bank is responding to a slew of developments that show companies today face a very different array of threats than in previous decades. Nordea is adjusting its approach to corporate lending to take more advanced technology into account as the bank tries to lead the pack in all things to do with going digital.
The debt pricing model means that companies more exposed to cyberattacks might face higher financing costs. In the Nordic region, shipping company A.P. Moller-Maersk lost $300 million last year in a recent high-profile example of what can happen if a company’s defenses aren’t strong enough to withstand a cyberattack. Nordea says it’s not the only bank that needs to look into new models for gauging debt risk.
Pricing the risk is “fairly tricky,” Leijon said. It needs to be incorporated into share price and revenue estimates, or it needs to be factored into operating expenses, “because corporates need to invest more,” he said.
The entire banking industry will have to go through the same exercise as customers increasingly go digital, Leijon said. With “more than 100 billion lines of codes” being created each year, it’s “almost inevitable that there will be security vulnerabilities which can be exploited by cyber-criminals,” he said.
After a period of almost unqualified enthusiasm, corporations and regulators in one of the world’s most digitally advanced corners are growing increasingly wary of the dark side of technological advancements. Denmark’s financial regulator this week warned pension and insurance firms against putting too much faith in artificial intelligence, robot advisers and algorithms, arguing they pose risks that can ultimately “threaten a company’s existence.”
Leijon says part of the challenge is that building up cyber defenses doesn’t instantly support profits, with firms at which executives tend to have short tenures less likely to invest. Rewarding companies that take the trouble to invest in security through lower debt costs may ultimately help shape the industry.
“The velocity of the change of CEOs and CFOs has increased,” Leijon said. “That’s why it’s important to show, from a quantitative perspective, that you’ll be rewarded early on” for investing in better governance.
“Because things go wrong.”