Last month saw an unprecedented global ransomware attack that infected tens of thousands of computers in nearly 100 countries, including the U.S., the U.K. and Russia. Hospitals in the U.K. were the hardest hit as more than a dozen were forced to turn away nonemergency patients and doctors had to rely once again on pen and paper.

The disruption has caused many to consider how vulnerable U.S. government services are to a similar attack. But some are raising the possibility of another vulnerability: That a cyberattack has the potential to lower a government’s credit rating, making borrowing to fix the problem even more expensive for taxpayers.

The possibility seems remote: No government yet has been downgraded because of a cyberattack. But S&P Global Ratings analyst Geoff Buswick says the risk is real, particularly for smaller governments with less financial flexibility. That’s because attacks can cost a lot, but can also cost taxpayer trust. That in turn, can hinder a government’s ability to raise taxes. “As a rating analyst, I look at the willingness and ability to repay debt,” says Buswick. “Without taxpayer support you don’t have that ability.”