Cyberattacks On Firms Posing Credit Risk

by CXOtoday News Desk    Nov 26, 2015


Credit rating agency Moody’s Corp. warns that cyber defenses as well as breach detection, prevention and response will be higher priorities in its analysis of the creditworthiness of companies across all sectors, including healthcare and financial services.

Moody’s said cyber defense, detection, prevention and response will be a higher priority in credit assessments. While risk awareness is growing and is a credit positive, reducing risk is hard because the threats constantly evolve. For example, larger utilities serving more people are likelier targets for hackers, though smaller ones may be less prepared to defend themselves, the report noted.

According to the report, organizations that house significant amounts of personal data, including financial institutions, healthcare entities, higher education organizations and retail companies, are at greatest risk of experiencing large-scale data theft attacks resulting in serious reputational and financial damage.

Other sectors considered part of the nation’s critical infrastructure, such as electric utilities, power plants, or water and sewer systems, are more exposed to attacks that could lead to large-scale service disruption, causing substantial economic - and possibly environmental - damage, the report notes. “However, Moody’s believes such an attack would elicit immediate government intervention to restore operations, resulting in lower potential credit risk.”

In another recent report by Standard & Poor’s, the research firm said that it could issue a downgrade if a bank looked ill-prepared to deal with a cyberattack, or following a breach that causes significant damage to the bank’s reputation or leads to substantial monetary losses or legal damages.

The report cautioned that financial services firms must do more than simply budget for information security. “Banks must balance technology investments across protection, detection and response. And most importantly, they have to align their organization and culture around security awareness and preparedness to make the most out of their investments,” the report said.

Moody’s, too, has identified several key factors to examine when determining the credit impact associated with a cyber event, including the nature and scope of the targeted assets or businesses, the duration of potential service disruptions and the expected time to restore operations.

“More cybersecurity expertise is being added to boards and trustee governance,” writes the report’s lead author, Jim Hempstead, Moody’s associate managing director, in a statement. “We expect many [organizations] will create distinct cyber security subcommittees, which is a material credit positive,” he summed up.