Breach, Compliance Management, Data Security

Moody’s: Cyber risks will impact credit ratings

Moody's will begin to place more weight on considerations related to cyber risks when issuing credit ratings. The company released a report, “Cross Sector – Global: Cyber Risk of Growing Importance to Credit Analysis,” outlining their plans to assess cyber issues as part of the credit rating process.

The report is the latest indicator that it has becoming increasingly important that companies view cybersecurity in financial terms, not simply in terms of reputational risk.

“More cyber security expertise is being added to boards and trustee governance,” said associate managing director Jim Hempstead, in a release. “We expect many issuers will create distinct cyber security subcommittees, which is a material credit positive.”

S&P issued a similar warning in September, stating that it would downgrade credit ratings of financial institutions that have poor cybersecurity protections.

Information security professionals regularly mention the challenge of facing pushback from management teams when requesting budget for products or staff. An increased focus on cybersecurity among rating agencies may cause a shift in that dynamic.

Mike Buratowski, vice president of cybersecurity services at Fidelis Cybersecurity, told SCMagazine.com, “This is another thing that will incentivize boards of director to invest in cybersecurity.”

The report highlighted risks faced by “organizations that house significant amounts of personal data”, although Moody's did not closely distinguish between risk levels faced by financial, healthcare, education, and retail sectors.

Buratowski said he doesn't see evidence that rating agencies “are looking at the individuality of companies or how much they have invested in technologies to secure information.”

The report focused on large-scale data theft attacks that have generated the most attention, such as large retail breaches. The effect of these attacks has been profound, but more subtle cyberthreats, such as cybertheft of a company's intellectual property “can mean the end of that business,” Buratowski said.

Related

Nexperia impacted by cyberattack

Nexperia had some of its servers confirmed to be compromised in a cyberattack last month following a report from Dutch broadcast firm RTL detailing attackers' claims of having exfiltrated hundreds of gigabytes of data from the Chinese-owned Dutch semiconductor manufacturer, according to Cybernews.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.