Skip to main content
Explore our brands An Informa TechTarget Publication
close search
site logo
Dive Brief

Without strong governance, companies put credit ratings at risk in AI era

A new report from S&P Global provides a blueprint for how companies can adapt to the changing threat environment.

Published June 1, 2026
Eric Geller's headshot
Senior Reporter
The words credit rating with puzzle pieces in the background.
Getty Images

Dive Brief:

  • AI’s improving cyberattack capabilities underscore the importance of improved security governance, the ratings agency S&P Global said in a recent report.
  • Whether Anthropic’s highly touted Claude Mythos Preview model “represents a genuine inflection point or an incremental evolution,” companies should revisit how they detect and combat cybersecurity threats, S&P analysts said in the May 26 report.
  • S&P’s analysis breaks down the different forms of risk associated with AI and connects those risk factors to the decisions that credit ratings agencies make.

Dive Insight:

“AI has not changed what effective cybersecurity looks like,” S&P analysts wrote in their report. “It has changed the speed and scale at which weaknesses are exposed.”

With that in mind, the report stresses the importance of vigilant governance measures to quickly identify cyberattacks, both AI-fueled and otherwise, before they metastasize into operational headaches. “Research on organizational cyber resilience consistently identifies governance failures as more financially damaging than purely technical ones,” S&P said.

The pressure that AI is putting on companies has reemphasized the importance of key organizational qualities that ratings analysts consider. Those include elevating the CISO’s importance inside the organization, transforming it from an operational role to a strategic one; the implementation of zero-trust architecture, making it easier to contain the identity-related compromises that are so ubiquitous in the modern threat environment; and the integration of AI governance into operational workflows.

“From a credit perspective,” S&P said, “the key factor is typically whether an issuer’s AI governance has operational authority or is merely advisory.”

Cyber threats are increasingly affecting the aspects of business operations that factor into credit ratings, the S&P report said. All of those factors — the direct costs associated with remediating a hack, the costs associated with operational disruptions, the impact of a compromise at a third-party supplier, rising insurance costs, regulatory changes and reputational impact — have evolved as AI has made it easier to launch sophisticated cyberattacks.

In terms of operational disruptions, S&P noted that agentic AI can assemble attack chains that cause “multi‑system outages from a single point of initial access.” On the insurance front, S&P warned of “emerging AI‑related exclusions” to insurance policies that could have a double-edged effect, simultaneously forcing companies to grow more resilient while also raising costs for policyholders. And in the regulatory realm, S&P pointed to both the U.S. Securities and Exchange Commission’s 2026 examination priorities and the EU’s Digital Operational Resilience Act (DORA) enforcement approach as evidence that policymakers are increasingly scrutinizing AI-related risks.

Editors' picks

Company Announcements

View all | Post a press release
DeVry University Earns Top 12 National Ranking in Spring 2026 National Cyber League Competition
From DeVry University
May 28, 2026
DeVry University logo
360 Privacy Expands Senior Leadership as Threats to Executives and High-Profile Individuals Gr…
From 360 Privacy
May 21, 2026
360 Privacy logo

Want to share a company announcement with your peers?

Get started

Editors' picks
Latest in Strategy
This website is owned and operated by Informa TechTarget, a global network that informs, influences and connects the world's technology buyers and sellers.

© 2025 TechTarget, Inc. or its subsidiaries. All rights reserved. An Informa PLC company.
Privacy policy | Terms of use | Take down policy | Cookie Preferences / Do Not Sell