The Strategist

Moody’s reveal industries with maximum financial risk from cyber attacks

03/04/2019 - 11:41

Business hacker attacks indirectly promise deterioration of access to lending and increased cost of debt service. Analysts at rating agency Moody’s studied possible risks of cyber attacks for the credit ratings of companies from 35 sectors with a total debt of $ 70 trillion.

“We view cyber risks as event risk that can have a significant impact on sectors and individual organizations. Data leakage and disruption of business processes are two main types of event risk from cyber attacks, which, in our opinion, have the potential to have a significant impact on financial conditions and business prospects for companies,” said Derek Vadala, head of cyber risks at Moody's Investors Service.
Moody’s assessed risk basing on two factors:
vulnerability to cyber attacks;
the impact that an attack may have (for example, violation of important business processes, data leakage, reputational risks).
Criteria for assessing vulnerability include size and sphere of the business, as well as sensitivity of the data that can be stolen. Impact assessment used brand impact, financial impact and regulatory implications. Moody’s divided all of the companies into five groups from low risk to high, with the degree of vulnerability and impact being assessed separately.
The following four sectors had highest risk levels:
companies specializing in securities transactions;
companies engaged in financial market infrastructure;
medical facilities such as hospitals and laboratories.
According to Moody’s estimates, the total debt of these four sectors reaches $ 11.7 billion.
For all four sectors, risks were high both in terms of vulnerability and in terms of impact. Technologies are important for these sectors, and they work with highly confidential information.
For example, retail banks often fall victim to cyber attacks, and hackers can access customer account data. In addition, reputational costs can be high, as customers attach great importance to confidentiality of financial information.
Companies working with securities are also often subjected to cyber attacks, the purpose of which is theft or serious violation of business activities. Often, the attacks are aimed at financial infrastructure services.
As for medical institutions, they have encountered the problem of storage of sensitive patient data. At the same time, unlike the financial sector, they usually invest less in cyber security.
Moody’s included nine sectors with a total debt of $ 9.7 trillion in the relatively high risk group. Among them are retail, transport, manufacturing and telecommunications sectors.
Another 11 sectors with a total debt of $ 3 trillion are assigned to the group with an average level of risk. This includes asset managers, insurance companies, airports and higher education institutions.
The risk is relatively low in seven sectors with a total debt of $ 46.5 trillion. These include government agencies, local governments, schools and the oil and gas industry. The lowest risks are observed in four sectors with a debt of $ 1.8 trillion. These are raw materials and agriculture, real estate, toll roads and public-private partnerships.