Moodys.com
Close
Please Note
We brought you to this page based on your search query. If this isn't what you are looking for, you can continue to Search Results for ""
The maximum number of items you can export is 3,000. Please reduce your list by using the filtering tool to the left.
Close
Close
Email Research
Recipient email addresses will not be used in mailing lists or redistributed.
Recipient's
Email

Use semicolon to separate each address, limit to 20 addresses.
Enter the
characters you see
Close
Email Research
Thank you for your interest in sharing Moody's Research. You have reached the daily limit of Research email sharings.
Close
Thank you!
You have successfully sent the research.
Please note: some research requires a paid subscription in order to access.
Email page
Email
print page
Print

Research Announcement:

Moody's - Cybersecurity disclosures vary greatly in high-risk industries

03 October 2019

New York, October 03, 2019 --

  • Corporate cyber disclosures vary greatly among companies in high-risk sectors
  • Poor transparency could undermine investor confidence and negatively impact credit quality

The level of transparency and detail provided in corporate cyber risk disclosures varies greatly across sectors facing heightened cyber risk, said Moody's Investors Service in a report published today.

"The absence of detailed disclosures makes it more difficult to analyze a company's cyber posture, and as cyberattacks increase in frequency, could hurt investor confidence and complicate efforts by companies to raise capital and access liquidity," said Lesley Ritter, VP-Senior Cyber Risk Analyst at Moody's Investors Service.

The sectors deemed most exposed to cyber risk are banks, securities firms & market infrastructure providers as well as hospitals & other healthcare providers. Of these sectors, bank disclosures are the most extensive and detailed, addressing cyber risk oversight and mitigation strategies, while hospitals are the least transparent.

Across the sectors analyzed, banks and telecommunications & media companies had the most thorough disclosures, discussing their specific cybersecurity risk management strategies in a fair amount of detail. US and European companies were more transparent than their Asian peers, but US-based companies appeared more reliant on insurance to manage the financial impact of cyber risk, while their European counterparts offered more information about their strategy to mitigate the operational impact of a cyber event.

Apart from healthcare, retail, lodging, health insurance, medical devices, and transportation services were among the sectors that provide the least amount of information, despite having experienced some of the most well-publicized cyber attacks to date. In these industries, cybersecurity was not consistently cited in the companies' risk discussions, the disclosures around the governance structure of this risk were less robust, and few referenced any form of cyber risk mitigation.

"The level of transparency of a company's cybersecurity disclosures does not necessarily reflect the degree to which the company is prepared to deal with such threats. From a credit perspective, disclosure is less important than actual defense in depth measures and an impactful mitigation strategy. That said, cybersecurity public disclosures are a useful tool to compare and contrast how companies in sectors with elevated risk are addressing these challenges," said Brendan Sheehan, VP-Senior Corporate Governance Analyst at Moody's.

Moody's analysis was based on public disclosures from 125 North American, EMEA, and Asian companies. These companies comprise the largest rated debt issuers in the sectors identified as having high or medium-high cybersecurity risk.

NOTE TO JOURNALISTS ONLY: For more information, please call one of our global press information hotlines: New York +1-212-553-0376, London +44-20-7772-5456, Tokyo +813-5408-4110, Hong Kong +852-3758-1350, Sydney +61-2-9270-8141, Mexico City 001-888-779-5833, São Paulo 0800-891-2518, or Buenos Aires 0800-666-3506. You can also email us at mediarelations@moodys.com or visit our web site at www.moodys.com.

This publication does not announce a credit rating action. For any credit ratings referenced in this publication, please see the ratings tab on the issuer/entity page on www.moodys.com for the most updated credit rating action information and rating history.

Lesley Ritter
Asst Vice President - Analyst
Cyber Risk Group
Moody's Investors Service, Inc.
JOURNALISTS : 1 212 553 0376
Client Service : 1 212 553 1653

Brendan Sheehan
VP-Senior Analyst
Environmental, Social and Governance
Moody's Investors Service, Inc.
JOURNALISTS : 1 212 553 0376
Client Service : 1 212 553 1653

Jim Hempstead
MD-Utilities
Project & Infrastructure Finance
Moody's Investors Service, Inc.
JOURNALISTS : 1 212 553 0376
Client Service : 1 212 553 1653

Releasing Office :
Moody's Investors Service, Inc.
250 Greenwich Street
New York, NY 10007
U.S.A.
JOURNALISTS : 1 212 553 0376
Client Service : 1 212 553 1653

© 2019 Moody’s Corporation, Moody’s Investors Service, Inc., Moody’s Analytics, Inc. and/or their licensors and affiliates (collectively, “MOODY’S”). All rights reserved.

CREDIT RATINGS ISSUED BY MOODY'S INVESTORS SERVICE, INC. AND ITS RATINGS AFFILIATES (“MIS”) ARE MOODY’S CURRENT OPINIONS OF THE RELATIVE FUTURE CREDIT RISK OF ENTITIES, CREDIT COMMITMENTS, OR DEBT OR DEBT-LIKE SECURITIES, AND MOODY’S PUBLICATIONS MAY INCLUDE MOODY’S CURRENT OPINIONS OF THE RELATIVE FUTURE CREDIT RISK OF ENTITIES, CREDIT COMMITMENTS, OR DEBT OR DEBT-LIKE SECURITIES. MOODY’S DEFINES CREDIT RISK AS THE RISK THAT AN ENTITY MAY NOT MEET ITS CONTRACTUAL FINANCIAL OBLIGATIONS AS THEY COME DUE AND ANY ESTIMATED FINANCIAL LOSS IN THE EVENT OF DEFAULT OR IMPAIRMENT. SEE MOODY’S RATING SYMBOLS AND DEFINITIONS PUBLICATION FOR INFORMATION ON THE TYPES OF CONTRACTUAL FINANCIAL OBLIGATIONS ADDRESSED BY MOODY’S RATINGS. CREDIT RATINGS DO NOT ADDRESS ANY OTHER RISK, INCLUDING BUT NOT LIMITED TO: LIQUIDITY RISK, MARKET VALUE RISK, OR PRICE VOLATILITY. CREDIT RATINGS AND MOODY’S OPINIONS INCLUDED IN MOODY’S PUBLICATIONS ARE NOT STATEMENTS OF CURRENT OR HISTORICAL FACT. MOODY’S PUBLICATIONS MAY ALSO INCLUDE QUANTITATIVE MODEL-BASED ESTIMATES OF CREDIT RISK AND RELATED OPINIONS OR COMMENTARY PUBLISHED BY MOODY’S ANALYTICS, INC. CREDIT RATINGS AND MOODY’S PUBLICATIONS DO NOT CONSTITUTE OR PROVIDE INVESTMENT OR FINANCIAL ADVICE, AND CREDIT RATINGS AND MOODY’S PUBLICATIONS ARE NOT AND DO NOT PROVIDE RECOMMENDATIONS TO PURCHASE, SELL, OR HOLD PARTICULAR SECURITIES. NEITHER CREDIT RATINGS NOR MOODY’S PUBLICATIONS COMMENT ON THE SUITABILITY OF AN INVESTMENT FOR ANY PARTICULAR INVESTOR. MOODY’S ISSUES ITS CREDIT RATINGS AND PUBLISHES MOODY’S PUBLICATIONS WITH THE EXPECTATION AND UNDERSTANDING THAT EACH INVESTOR WILL, WITH DUE CARE, MAKE ITS OWN STUDY AND EVALUATION OF EACH SECURITY THAT IS UNDER CONSIDERATION FOR PURCHASE, HOLDING, OR SALE.

MOODY’S CREDIT RATINGS AND MOODY’S PUBLICATIONS ARE NOT INTENDED FOR USE BY RETAIL INVESTORS AND IT WOULD BE RECKLESS AND INAPPROPRIATE FOR RETAIL INVESTORS TO USE MOODY’S CREDIT RATINGS OR MOODY’S PUBLICATIONS WHEN MAKING AN INVESTMENT DECISION. IF IN DOUBT YOU SHOULD CONTACT YOUR FINANCIAL OR OTHER PROFESSIONAL ADVISER. ALL INFORMATION CONTAINED HEREIN IS PROTECTED BY LAW, INCLUDING BUT NOT LIMITED TO, COPYRIGHT LAW, AND NONE OF SUCH INFORMATION MAY BE COPIED OR OTHERWISE REPRODUCED, REPACKAGED, FURTHER TRANSMITTED, TRANSFERRED, DISSEMINATED, REDISTRIBUTED OR RESOLD, OR STORED FOR SUBSEQUENT USE FOR ANY SUCH PURPOSE, IN WHOLE OR IN PART, IN ANY FORM OR MANNER OR BY ANY MEANS WHATSOEVER, BY ANY PERSON WITHOUT MOODY’S PRIOR WRITTEN CONSENT.

CREDIT RATINGS AND MOODY’S PUBLICATIONS ARE NOT INTENDED FOR USE BY ANY PERSON AS A BENCHMARK AS THAT TERM IS DEFINED FOR REGULATORY PURPOSES AND MUST NOT BE USED IN ANY WAY THAT COULD RESULT IN THEM BEING CONSIDERED A BENCHMARK.

All information contained herein is obtained by MOODY’S from sources believed by it to be accurate and reliable. Because of the possibility of human or mechanical error as well as other factors, however, all information contained herein is provided “AS IS” without warranty of any kind. MOODY'S adopts all necessary measures so that the information it uses in assigning a credit rating is of sufficient quality and from sources MOODY'S considers to be reliable including, when appropriate, independent third-party sources. However, MOODY’S is not an auditor and cannot in every instance independently verify or validate information received in the rating process or in preparing the Moody’s publications.

To the extent permitted by law, MOODY’S and its directors, officers, employees, agents, representatives, licensors and suppliers disclaim liability to any person or entity for any indirect, special, consequential, or incidental losses or damages whatsoever arising from or in connection with the information contained herein or the use of or inability to use any such information, even if MOODY’S or any of its directors, officers, employees, agents, representatives, licensors or suppliers is advised in advance of the possibility of such losses or damages, including but not limited to: (a) any loss of present or prospective profits or (b) any loss or damage arising where the relevant financial instrument is not the subject of a particular credit rating assigned by MOODY’S.

To the extent permitted by law, MOODY’S and its directors, officers, employees, agents, representatives, licensors and suppliers disclaim liability for any direct or compensatory losses or damages caused to any person or entity, including but not limited to by any negligence (but excluding fraud, willful misconduct or any other type of liability that, for the avoidance of doubt, by law cannot be excluded) on the part of, or any contingency within or beyond the control of, MOODY’S or any of its directors, officers, employees, agents, representatives, licensors or suppliers, arising from or in connection with the information contained herein or the use of or inability to use any such information.

NO WARRANTY, EXPRESS OR IMPLIED, AS TO THE ACCURACY, TIMELINESS, COMPLETENESS, MERCHANTABILITY OR FITNESS FOR ANY PARTICULAR PURPOSE OF ANY CREDIT RATING OR OTHER OPINION OR INFORMATION IS GIVEN OR MADE BY MOODY’S IN ANY FORM OR MANNER WHATSOEVER.

Moody’s Investors Service, Inc., a wholly-owned credit rating agency subsidiary of Moody’s Corporation (“MCO”), hereby discloses that most issuers of debt securities (including corporate and municipal bonds, debentures, notes and commercial paper) and preferred stock rated by Moody’s Investors Service, Inc. have, prior to assignment of any rating, agreed to pay to Moody’s Investors Service, Inc. for ratings opinions and services rendered by it fees ranging from $1,000 to approximately $2,700,000. MCO and MIS also maintain policies and procedures to address the independence of MIS’s ratings and rating processes. Information regarding certain affiliations that may exist between directors of MCO and rated entities, and between entities who hold ratings from MIS and have also publicly reported to the SEC an ownership interest in MCO of more than 5%, is posted annually at www.moodys.com under the heading “Investor Relations — Corporate Governance — Director and Shareholder Affiliation Policy.”

Additional terms for Australia only: Any publication into Australia of this document is pursuant to the Australian Financial Services License of MOODY’S affiliate, Moody’s Investors Service Pty Limited ABN 61 003 399 657AFSL 336969 and/or Moody’s Analytics Australia Pty Ltd ABN 94 105 136 972 AFSL 383569 (as applicable). This document is intended to be provided only to “wholesale clients” within the meaning of section 761G of the Corporations Act 2001. By continuing to access this document from within Australia, you represent to MOODY’S that you are, or are accessing the document as a representative of, a “wholesale client” and that neither you nor the entity you represent will directly or indirectly disseminate this document or its contents to “retail clients” within the meaning of section 761G of the Corporations Act 2001. MOODY’S credit rating is an opinion as to the creditworthiness of a debt obligation of the issuer, not on the equity securities of the issuer or any form of security that is available to retail investors.

Additional terms for Japan only: Moody's Japan K.K. (“MJKK”) is a wholly-owned credit rating agency subsidiary of Moody's Group Japan G.K., which is wholly-owned by Moody’s Overseas Holdings Inc., a wholly-owned subsidiary of MCO. Moody’s SF Japan K.K. (“MSFJ”) is a wholly-owned credit rating agency subsidiary of MJKK. MSFJ is not a Nationally Recognized Statistical Rating Organization (“NRSRO”). Therefore, credit ratings assigned by MSFJ are Non-NRSRO Credit Ratings. Non-NRSRO Credit Ratings are assigned by an entity that is not a NRSRO and, consequently, the rated obligation will not qualify for certain types of treatment under U.S. laws. MJKK and MSFJ are credit rating agencies registered with the Japan Financial Services Agency and their registration numbers are FSA Commissioner (Ratings) No. 2 and 3 respectively.

MJKK or MSFJ (as applicable) hereby disclose that most issuers of debt securities (including corporate and municipal bonds, debentures, notes and commercial paper) and preferred stock rated by MJKK or MSFJ (as applicable) have, prior to assignment of any rating, agreed to pay to MJKK or MSFJ (as applicable) for ratings opinions and services rendered by it fees ranging from JPY125,000 to approximately JPY250,000,000.

MJKK and MSFJ also maintain policies and procedures to address Japanese regulatory requirements.

Related Issuers
Related Research
Moodys.com