https://www.cnbc.com/2018/11/12/moodys-to-build-business-hacking-risk-into-credit-ratings.html
By Kate Fazzini
CNBC.com
12 Nov 2018
Moody's will soon start using its credit-rating expertise to evaluate
organizations on their risk to a major impact from a cyberattack.
That move might be a game-changer for many institutional and individual
investors, who often struggle to quantify the potential impact of a
significant cybersecurity incident into a meaningful rating. Ratings
agencies including Moody's have been warning for years that cyber issues,
including lax controls or a meaningful breach, could lead to a downgrade.
But this is a first real step toward codifying those predictions.
"For us, it's not something we view as a totally new idea," said Derek
Vadala, who was named Oct. 17 to a new role heading Moody's Investors
Services Cyber Risk Group. "We've been in the risk management business for
a very long time. This is to enhance our thinking about credit as cyber
becomes more and more important."
Moody's gives ratings — ranging from AAA to C — that are used to determine
creditworthiness for companies, bonds, sovereign countries, structured
finance transactions and issuers of infrastructure and project finance.
Initially, the company will incorporate cyber risk into its existing
credit ratings. After that, Vadala said, Moody's is considering a
stand-alone cyber risk rating separate from the credit rank.
"We haven't yet moved a credit rating due to cyber risk or a cyber event,
but we see the likelihood of credit-rating impact as steadily increasing,"
Vadala said. "Different sectors have different levels of credit
sensitivity to cyber risk. For those higher-risk sectors, there will be
impact down to the individual issuer-level over time."
[...]
--
Subscribe to InfoSec News
https://www.infosecnews.org/subscribe-to-infosec-news/
https://twitter.com/infosecnews_
