Moody’s Cybersecurity & Economy Report, January 2020

The growing interconnectedness of digital networks and the expanded use of technology to deliver services have increased governments’ exposure to cyberattacks either through direct assaults on their own systems or through the impact of attacks on the broader economy. For bigger governments, including sovereigns and larger regional and local governments (RLGs), the scale and diversification of their economies and sizable financial buffers enhance their ability to withstand cyberattacks. Smaller RLGs typically have fewer protections because of their smaller economies and more limited financial resources.

Download the report: Moody’s Cybersecurity & Economy

Key conclusions from the attached report authored by Moody’s Vice President & Lead US Analyst William Foster:


  • Governments are broadly resilient to cyberattacks from a credit quality perspective and do not face the same types of reputational or regulatory risks as do private businesses following cyberattacks.
  • The size, dynamism and diversity of the economies of sovereigns and larger RLGs contribute to economic resilience that will mitigate the potential credit impact of most cyberattacks.
  • Economic impact for governments would likely be the most severe in the event of an attack that targets critical infrastructure and paralyzes a large proportion of the economy or many large companies operating in a country or city. In this context, the size of a government and its related entities is relevant, resulting in higher risks for smaller RLGs who are less likely to be able to rely on robust backup infrastructure.
  • Cyberattacks that seek to disrupt domestic politics or influence election outcomes have ultimately had no direct credit implications
  • Most RLGs have fewer resources than do sovereigns and are therefore more vulnerable to cyberattacks, particularly financially motivated ransomware attacks. Such attacks would need to be very large relative to an RLG’s resource base to weaken operating performance or debt levels. Moody’s assessment of the impact of a cyberattack on an RLG’s financial performance and debt would also incorporate a given entity’s access to liquidity and how quickly it could tap financial markets if required.
  • The credit implications are more likely to be revealed through consequences for institutions and governance strength or political risk, including through our assessment of how quickly and effectively the sovereign or RLG responds to the attack.