There are many factors that can affect a company’s credit ratings and it appears that cyber risk is moving up a notch in importance in corporate credit analysis.
In a new report, ratings agency Moody’s Investors Service said it views material cyber threats in a similar vein as other extraordinary event risks, such as a natural disaster, with any subsequent credit impact depending on the duration and severity of the event.
While we do not explicitly incorporate cyber risk as a principal credit factor today, our fundamental credit analysis incorporates numerous stress-testing scenarios, and a cyber event could be the trigger for one of those stress scenarios.”
According to the report, “Cyber Risk of Growing Importance to Credit Analysis,” assessing how prepared an issuer or organization is for a cyber threat presents challenges, owing to the complexity of the problem.
Moody’s identifies several key factors to examine when determining a credit impact associated with a cyber event, including: nature and scope of the targeted assets or businesses; the duration of potential service disruptions; and the expected time to restore operations.
On a positive note, more cyber security expertise is being added to boards and trustee governance in response to the growing cyber threat.
A press release cites Jim Hempstead, Moody’s associate managing director and lead author of the report:
Moody’s said industries housing significant amounts of personal data, such as financial institutions, health care entities, higher education organizations and retail companies are at greatest risk of a large-scale data breaches resulting in serious reputational and financial damage.
Critical infrastructure sectors such as electric utilities, power plants, or water and sewer systems are more exposed to attacks that could result in large-scale service disruption, causing substantial economic—and possibly environmental—damages to sovereign, state and local governments or utilities.
However, Moody’s believes this type of attack would elicit immediate government intervention to restore operations, resulting in lower potential credit risk.
Hat tip to Reuters for its article here.
Check out the I.I.I.’s latest paper Cyber Risk: Threats and Opportunities.