Moody’s Guidelines For Cybersecurity Risk Assessment And Impacts On Credit Ratings
January 16, 2019 | Cyber Security
Assessing how prepared enterprises are to counter cyber threats in this technological warfare is a complex issue. Cyber risks vary from industry to industry. This is a frightening challenge for sectors like financial services, healthcare, education and insurance, which involve an immense amount of personal and sensitive personal data.
It is grievous to think about a cyber attack on critical infrastructure and utilities, such as water supply, electricity supply and communication, that could cause large-scale economic and environmental damage.
Because of cyber attacks on the energy sector, the rating agency Moody’s has deviated its rating criteria for this industry from extreme weather events, i.e. natural disasters. The ability to recover and restore operations is among the factors associated with cybersecurity challenges, along with the nature and scope of a business’s assets, the duration of the disruption caused and the expected time to restore operations, all of which might help in determining a credit impact. However, Moody’s still believes that the government will support them in overcoming cybersecurity challenges to critical infrastructure assets during recovery efforts, which will result in lower potential credit risk.
Key Factors contributing towards credit ratings:
Moody’s made a list of factors to gauge credit impact associated with a cyber event, which includes:
- Nature and scope of targeted assets.
- The duration of disruption caused by the cyber attack.
- Expected time to recover after the cyber attack.
Lesley Ritter, associate vice president at Moody’s, said: “Cybersecurity contains enterprise-wide risks. It requires governance measures, and executives and the board of directors should be at the centre of managing the risks.”
They examined how the rising cyber risk is evolving with time “at a steep trajectory”. Moody’s is working on a standalone cyber risk rating apart from the credit rank.
Last year, a group of organisations and part of the banking sector started collaborating to develop standards for credit ratings based on cyber risks. This will help organisations raise awareness through risk-based conversations between organisations, grounded in accurate and relevant information. This collaborative group approach promotes quality and accuracy in developing the ratings for security.
A study conducted by Microsoft and Frost & Sullivan revealed that:
- A large organisation in Singapore can incur a loss of US$13.8 million, which is more than 70 times the loss of an average-sized organisation.
- Cyber attacks also have an impact on unemployment, affecting almost 57% of organisations over the last year.
- Concerns over cyber threats have delayed the transformation process.
- Organisations in Singapore are moving towards AI to augment their strategies on information security.
What is at stake?
- The Institute of Singapore Chartered Accountants (ISCA) is now considering cybersecurity risk in their financial audit statements. They are focusing on involving subject matter experts, especially to monitor the financial implications of unnoticed data breaches.
- Another point is to consider a possible successful attack when calculating the impact of a breach. The impact can be calculated by taking into account the potential customer base, revenue, productivity and customer confidence. Fines and response costs also contribute to the credit ratings.
- Keep the application security perspective in mind. The dollars lost in the event of a data breach are an important factor that can affect credit ratings. Certainly, application downtime may be OK for one website, but for others it may be devastating.
So, the risk assessment covers all the modules of critical applications in operation. Therefore, by analysing the audit trail of your systems, you will know what type of protection you need and where you need it.