Moody’s Guidelines For Cybersecurity Risk Assessment And Impacts On Credit RatingsJanuary 16, 2019 |Cyber Security
Moody’s Guidelines For Cybersecurity Risk
How to assess that how prepared the enterprises are in countering the cyber threats in this technological warfare is a complex issue. Cyber risks vary from industry to industry. This is a frightening challenge for sectors like financial services, healthcare, education, and insurance. Moreover, involves an immense amount of personal and sensitive personal data. How to assess that how prepared the enterprises are in countering the cyber threats in this technological warfare is a complex issue. in other words, Cyber risks vary from industry to industry. This is a frightening challenge for sectors like financial services, healthcare, education and insurance that involves an immense amount of personal and sensitive personal data.
It’s grievous to think about any cyber-attack which can cause large scale economic and environmental damages happening on critical infrastructures and utilities like water and electricity supply and communication.
Because of Cyber-attacks on the energy sector the rating agency Moody has deviated its rating criteria for this industry from extreme weather events, i.e. natural disasters. The ability to recover and restore the operations to the factors associated with the cybersecurity challenges, including the nature and scope of the assets of a business, the time frame of the disruption caused and the expected time to restore the operations which might help in determining a credit impact. However, Moody still believes that the government will support them in overcoming the cybersecurity challenges to critical infrastructure assets in recovery efforts which will result in lower potential credit risk.
Key Factors contributing to credit ratings:
Moody’s made a list of factors to gauge credit impact associated with a cyber event, which includes:
- Nature and scope of targeted assets.
- The duration of disruption caused by the cyber attack.
- Expected time to recover after the cyber attack.
Lesley Ritter, associate vice president at Moody’s, said: “Cybersecurity contains enterprise-wide risks. It requires governance measures, and executives and the board of directors should be at the centre of managing the risks.”
They examined the rising cyber risk is evolving with time “at a steep trajectory”. Moody’s is working on a standalone cyber risk rating apart from the credit rank.
Last year a group of organizations and part of the banking sector started collaborating to develop standards for credit ratings based on cyber risks. It will help organizations to raise awareness by risk-based conversations between the organization depending on accurate and relevant information. This collaborative group approach promotes quality and accuracy in developing the ratings for security.
The study conducted by Microsoft and Frost Sullivan Study revealed that:
- A large organization in Singapore can make a loss of US$13.8 million which is more than 70 times the loss of an average-sized organization.
- Cyber attacks also have an impact on unemployment it affected almost 57% of the organization over the last year.
- Concerns over cyber threats have delayed the transformation process.
- Organizations in Singapore are moving towards AI to augment their strategies on information security.
What is on the stake?
- The Institute of Singapore Charted Accountants (ISCA) is now considering cybersecurity risk in their financial audit statements. They are focusing on involving subject matter expert’s especially to monitor the financial implications of unnoticed data breaches.
- Another point is to engage the possible successful attack for calculating the impacts of the breach. It can be calculated by keeping the potential customer base, revenue, productivity, and customer confidence. Fines and response costs also contribute to the credit ratings.
- Keeping the application security perspective in mind. The dollar lost on the verge of a cyber data breach is an important factor that can affect the credit ratings. Certainly, a downtime of application for one website may be OK, but for others, it may be devastating.
So, the risk assessment covers all the modules of critical applications in function. Therefore, By analyzing the audit trail of your systems you will know what type and where you need protection.