The ratings agency would likely examine the duration and severity of a cyber attack to determine its credit impact.
