According to credit rating agency Moody’s Investors Service, critical infrastructure – including electricity, gas and water companies and hospitals – are exposed to very high cyber risk. Banks, telecommunications, technology, chemicals, energy, and transportation services face high exposure to cyber risk.
The Moody’s Investors Service report, updated from a 2019 release, finds a global rise in cyber risk across more than 70 sectors, along with increased mitigation and defense measures. A quarter of the more than $80 trillion in debt rated by Moody’s is considered high or very high with respect to its cyber risk exposure.
“Cyber risk is increasing. However, we are seeing a corresponding growth in investments in robust security programs as industries prioritize the need to assess and quantify risk to inform key strategic decisions, mitigate supply chain risk, and ensure trust. of investors,” said Steven Libretti, analyst and lead author of the report.
Sectors are rated on a scale of low, moderate, high, or very high, reflecting an assessment of two equally weighted factors: cyber risk exposure (systemic role and digitization) and mitigation (perimeter vulnerability, cyber best practices and estimated financial loss). Moody’s used data and metrics provided by BitSight Technologies, a cyber ratings company in which it owns a minority stake; RMS, a catastrophe risk modeling company; and Bureau van Dijk, a data and information services company, both owned by Moody’s Analytics.
Derek Vadala, chief risk officer at BitSight, says that “continued attention to improving basic cyber hygiene and vulnerability management can measurably reduce the risk of a business impacting incident.” “This study used BitSight’s qualified open ports and patch cadence data sets to help determine perimeter vulnerability scores. A poor patching cadence, for example, is strongly correlated with a significantly higher risk of ransomware.”
“As a leader in integrated risk assessments globally, we will continue to provide a platform for our stakeholders to better understand, measure and manage their cyber risks and the correlative risk of financial loss,” added Jim Hempstead, CEO of Moody’s Investors Service.
The report is available on the Moody’s website. Requires registration.
Eddie is an Australian news reporter with over 9 years in the industry and has published on Forbes and tech crunch.