Rhino Security Labs

Institution Cybersecurity Risk

S&P Considering Cybersecurity Risk in Bank Credit Ratings

Some of the most powerful financial regulators in the United States have taken a stand on cybersecurity, telling American banks to reduce their cybersecurity risk – or pay up.

Credit rating firm Standard and Poor’s recently announced that banks and financial institutions may get “pre-emptive credit rating downgrades” due to poor cyber security policies.

In other words, no breach or hack needs to occur for vulnerable companies to be called out and penalized – simply being vulnerable is enough. Given that a credit downgrade can cost a corporation billions – and severely damage shareholder confidence – it’s a safe bet that executives are taking notice.

Additional Cybersecurity Risk Regulation

Standard and Poor’s isn’t the only one coming after the finance sector either – the FTC is also cracking down. A US federal court recently made a landmark ruling which extended the FTC’s regulatory reach and prosecutorial powers. With the new law, the FTC can sue companies for cyber security failures, and it has already started with hospitality giant Wyndham Hotels.

Even the SEC has been getting involved in security regulation. After a breach at financial management firm Jones Capital Equities Management, regulators punished the company with a $75,000 fine. The firm is just one of many to be prosecuted for negligence, according to the SEC.

The FTC, the SEC, and Standard & Poor’s are sending a message to businesses everywhere: neglecting to implement proper security measures will be met with harsh punishment. It’s a move expected to reassure consumers and shareholders alike, as well as end costly neglect in corporate cybersecurity.

Adequately safeguarding digital assets is not an easy task, but it is one that can no longer be ignored. The damage from poor security practice is more apparent than ever: stock price drops, lost consumer confidence, regulatory penalties, and class-action lawsuits. The recent hardline positions taken by regulatory agencies just reiterate what we already know: at the end of the day, cybersecurity risk impacts the bottom line.