Cyber risk and debt facilities: Practical considerations for borrowers

Recent cyberattacks on major UK companies have shown just how quickly a digital incident can disrupt day-to-day operations and create financial and contractual challenges. As these threats become more common, it’s important for borrowers to keep their debt documentation and risk management plans up to date. Below, we highlight the main legal risks that can arise after a cyber incident and offer practical steps to help you manage and reduce these risks.

Events of Default and Material Adverse Change

Most facility agreements include broad “material adverse change” (MAC) clauses and representations about your financial health. It would be unusual for the occurrence of an attack to immediately trigger a MAC clause - and it would be a brave lender to call one. Most lenders will want to support the business rather than make things harder. However, if the impact is severe, a default could follow. Other undertakings, such as requirements to comply with laws or protect assets, may also be affected. It’s worth reviewing your loan documents for any specific obligations around IT systems, data security, or business continuity. If a default does occur, lenders would be entitled to demand repayment or suspend further advances until the issue is resolved, which can create uncertainty and strain your cashflow. The key is to have a clear plan and keep your lenders informed - open communication is essential.

Financial Covenant Stress

A major cyber incident can put pressure on your financial covenants. If your business is forced to shut down or costs rise unexpectedly, you may struggle to meet these requirements. While covenants are usually tested over a 12-month period, a prolonged disruption could lead to breaches across several periods, and lenders may respond by requiring updated forecasts and tighter controls. In severe cases, it could lead to lenders charging fees or increasing margins to reflect the heightened risk. In these situations, “cash is king” - consider whether it makes sense to draw down more funds than you immediately need, so you have enough working capital to manage the fallout from an attack.

Insurance Considerations

Cyber insurance can help, but many policies exclude or limit cover for lost profits or reductions in company value after an attack. Insurance payouts can also be delayed, especially if there’s an investigation. Check your insurance contracts to see what protection you have. Remember, lenders may have a say in how insurance proceeds are used - sometimes they’ll require the money to pay down loans, or exclude it from earnings calculations, which can affect your financial flexibility.

Practicalities and Documentation

If your IT systems are compromised, you may need to rely on manual processes. Consider keeping paper copies of key funding documents or storing them offline. Think through how your finance team would handle banking arrangements without access to usual systems, and make sure everyone knows what to do if you need to switch to manual operations. Being prepared for these practical challenges can help you maintain access to funding and keep lender relationships on track during a crisis.

Reputational, Regulatory and Contractual Fallout

A significant cyber incident may trigger mandatory reporting obligations to regulators, and you could face fines, investigations, or legal action. Directors may also be personally liable if systems and controls are found to be lacking. The associated costs, management distraction, and uncertainty can be substantial. Your contracts with suppliers and customers may include force majeure or penalty clauses if you can’t deliver due to a cyberattack, so your corporate reputation and stakeholder confidence could suffer.

Conclusion

Cyber incidents highlight the need for borrowers to be proactive about managing risk and debt obligations. Operational downtime can quickly lead to cashflow problems and potential covenant breaches. Make sure your legal, finance, and IT teams are working together, review your loan documents, and consider backup liquidity options. Don’t wait until an attack happens - agree a strategy with your board and discuss it with your lenders so everyone knows what to do if the worst occurs.