Moody’s – Credit implications of cyberattacks will hinge on long-term business disruptions and reputational impacts

-Four sectors with $11.7 trillion in rated debt outstanding have high risk exposure to cyber-attacks

-Increasing digitization and interconnectedness within and across sectors driving rising tide of cyber risk

As the potential for significant cyberattacks rises globally, the growing intersection of supply chains, connectivity and access to data is creating new vulnerabilities for governments and businesses. Banks, securities firms, financial market infrastructures and hospitals, all of which rely heavily on technology for operations, distribution of content or customer engagement are at high risk, says Moody’s Investors Service in a new report.

“We view cyber risk as event risk that can have material impact on sectors and individual issuers,” says Moody’s Managing Director Derek Vadala. “Data disclosure and business disruption are the two primary types of cyber event risk that we view as having the potential for material impact on issuers’ financial profiles and business prospects.”

To develop a framework for understanding inherent cyber risk at the sector level, Moody’s focuses on 1) vulnerability to the type of attack or event to which entities in a given sector are exposed, and 2) potential impact of cyber events via disruption of critical businesses processes or negative reputational effects that lead to a loss of revenue as a result of customer attrition, for example.

Moody’s report classifies high-risk, medium-high risk, medium-low risk and low-risk sectors and also quantifies total rated debt outstanding for each classification. In this report, Moody’s has classified 35 total sectors and over $70 trillion total debt outstanding.

This publication does not announce a credit rating action. For any credit ratings referenced in this publication, please see the ratings tab on the issuer/entity page on www.moodys.com for the most updated credit rating action information and rating history.