Cybercrimes Can Affect Your Credit Rating
By Christine Kern, contributing writer
A Moody’s report finds cyberattacks increase event risks and can lower credit ratings.
As the threat of cyberattacks continues to increase, Moody’s Investors Service warns the implications could become an important determining factor in credit analysis. According to a Moody’s report, Cyber Risk of Growing Importance to Credit Analysis, the increase of cybercrime is increasing healthcare institutions’ risk of a drop in their credit ratings.
Cyberattacks are on the rise in both number and scope as a result of spikes in mobile data and interconnectedness, a reality that has caused Moody’s to rethink its credit assessments and analysis, according to Think Advisor.
While cyberattacks don’t directly drive ratings, they are assessed as event risks because “timing and consequences of a successful attack are uncertain,” according to the report authors. Interoperability efforts have made healthcare providers highly susceptible to those risks.
“Cyber risk means different things for different sectors,” Jim Hempstead, Moody’s Associate Managing Director and lead author of the report explained. “While we do not explicitly incorporate cyber risk as a principal credit factor today, our fundamental credit analysis incorporates numerous stress-testing scenarios, and a cyber event could be the trigger for one of those stress scenarios.”
According to the report, security challenges will remain due to the constant evolution of cyber threats. Assessing how prepared an issuer or organization is for a cyber threat presents challenges, owing to the complexity of the problem. Across all sectors, however, cyber risk is becoming an important priority.
“More cyber security expertise is being added to boards and trustee governance,” says Hempstead. “We expect many issuers will create distinct cyber security subcommittees, which is a material credit positive.” Assessment of an organization’s cyber preparedness is “challenging because the risk is complex and evolving very quickly.”
The report also looks at varying types of cyber threat actors and their motives, including nation state espionage groups, criminal enterprises, hacktivists, and terrorists.