Moody’s has issued its 2021 outlook for cybersecurity and cyber risk. The new report states these risks are growing as a fiscal and credit factor for all debt issuers worldwide. Key focus areas for this year include vulnerabilities of software and vaccine supply chains, the rise in remote work during the pandemic, and the growing risk of state and state-sponsored actors. The availability and scope of cyber insurance will be another key issue as rising ransomware attacks prompt insurers to reassess the pricing and contract terms of this coverage.
The outlook’s highlights include:
Software supply chain attacks increase risks for software makers. Software makers with unique, critical products will likely be more resilient to cyber attacks, but reputational damage is a more significant risk for makers of products that can be replaced more easily.
Cyberattacks on healthcare facilities and entities in the COVID-19 vaccine supply chain likely will rise. Hospitals continue to be major targets of ransomware attacks, which have the potential to compromise patient care and expose hospitals to financial risks and lawsuits. Attacks targeting the vaccine supply chain could disrupt vaccination programs, prolonging the pandemic and its economic effects.
Remote work will bring more cybersecurity challenges. Home networks typically lack the security controls that govern corporate and enterprise networks, and organizations will grapple with controlling data outside traditional enterprise firewalls.
Geopolitical cybersecurity concerns pose growing risks. Some state actors increasingly favor cyberattacks as foreign policy tools. Such attacks can lead to reputational damage, business disruption or loss of intellectual property (IP).
Continued proliferation of ransomware attacks will prompt cyber insurance providers to reexamine coverage. Insurance claims related to ransomware attacks have risen significantly, prompting carriers to raise prices and change terms and conditions, including increasing deductibles and providing lower limits.
More governments will introduce data privacy laws, creating further incentives for strong cyber risk management practices. Robust cyber risk management and response practices can both better mitigate cyber risks and lead to reduced fines.