Moody’s and Cyber

Understanding and building cyber resilience

The exponential rise of cyberattacks and ransomware has cost companies billions of dollars, threatened the stability of businesses across the globe and created an imperative for business leaders and boards to assess and quantify their cyber risk.

Understanding cyber risk is critical to informing key strategy decisions – from security initiatives to budget allocation – and extends to a company’s supply chain risk, investor confidence, and operating transparently with regulators and the market.

 

Through the transaction announced on September 13, 2021, Moody’s will make a significant investment in BitSight, a pioneer in cybersecurity ratings and analytics, and BitSight will acquire VisibleRisk, a cyber risk quantification joint venture created by Moody’s and Team8, a global venture group.

Moody's investment advances its mission as a global integrated risk assessment firm – providing cybersecurity ratings and analytics at scale to help leaders make better decisions.

 

è  è ²ç§ æ  ç· æ¢ å ¨æ ºæ…§å  å¸

Helping leaders build resilience and incorporate cybersecurity intelligence into corporate decision making


Cyber Analytical Tools



Credit ratings & research

How is cyber risk integrated into credit analysis?

Moody’s credit analysis seeks to incorporate all issues that can materially impact credit quality, including cyber risk, and aims to take the most forward-looking perspective, providing visibility into these material risks.

We assess the inherent cyber risk exposure of 35 broad sectors based on two factors: vulnerability to a cyber event or attack, and the impact in terms of potential disruption of critical business processes, data disclosures and reputational effects. Given our new partnership with BitSight, we will explore integrating curated BitSight data and insights into our analysis.



Credit implications of cyber risk will hinge on business disruptions, reputational effects

Cyber Risk – 2022 Outlook


Global Cyber Risk Issuer Surveys

How do issuers manage cyber risks?

To assess the cyber risk preparedness of insurers, insurance brokers and asset managers, we surveyed 100 companies in North America and Europe. 

We globally surveyed issuers to assess their cyber risk preparedness owing to the financial, reputational and regulatory risks cyberattacks pose for the sectors.

Cybersecurity experience & reporting

Very large companies report more cyber expertise at the board level

% of board directors with cyber credentials


P&C insurers report on cyber to board committee twice a year on average

Times per annum head of cybersecurity reports to board committee

Global Cyber Risk Issuer Surveys


Cybersecurity Ratings

How do we measure cybersecurity risk, performance and exposure?

BitSight is transforming how the market addresses cyber risk through cybersecurity ratings and analytics, helping leaders make critical decisions regarding risk management, quantify financial exposure, prioritize security initiatives, allocate budget and resources, and report effectiveness to board directors and stakeholders.

Through the acquisition of VisibleRisk, BitSight will enhance these capabilities, allowing companies to conduct deeper analysis and better understand their overall cyber resilience.


BitSight exposes cyber risk within an organization’s third- and fourth-party supply chain ecosystem, helping organizations collaborate with vendors and in turn provide data to make confident, faster, more strategic cyber risk management decisions.


BitSight helps organizations continuously measure and monitor security program performance and efficacy, analyze and calculate financial exposure to cyber risk, allocate limited resources to focus on the areas that will have the greatest impact on their cyber risk management programs, and facilitate data-driven conversations around security that help maintain the trust of the marketplace.


BitSight allows investors and organizations to perform enhanced cybersecurity due diligence and ongoing monitoring of their investment portfolios or M&A targets.


BitSight enables cyber insurance carriers, reinsurers, brokers and risk managers to seamlessly identify and measure the risk associated with underwriting cyber liability.


BitSight enables governments, CERTs and National Law Enforcement organizations to measure, monitor and investigate cybersecurity risks in their countries, industry sectors and key critical infrastructure companies.



Financial quantification of cyber risk

How can data and insights help quantify the impact of a potential cyber attack on a company’s financial performance?

Financial quantification of cyber risk has become a critical issue for enterprises.

BitSight offers an industry-leading financial quantification solution that allows decision makers to analyze and calculate an organization’s financial exposure to cyber risk. VisibleRisk has also developed an innovative approach to financial quantification of cyber risk. The transaction announced in September 2021 will allow BitSight and VisibleRisk to build on their leading offerings to deliver a suite of solutions and analytics that support financial quantification of cyber risk, measuring cyber value at risk and other critical analytics that serve a variety of stakeholders ranging from CISOs to executives.

g

Four primary risk factors


Threat Threat
Fortitude Fortitude
governance Governance
risk Risk

Learn more about our cyber journey

“Providing trusted insights and standards that help decision makers act with confidence is at the heart of our business.  As the disruption and impact of cyber-related losses continues to grow exponentially, the ability to better understand, measure and manage cyber risk and exposure is critical.  We are delighted to partner with BitSight, the leader in cybersecurity ratings, to help our customers build cyber knowledge to fortify operational resilience and support the growth of their businesses.”


SEPTEMBER 2021

Moody’s and BitSight announce creation of leading cybersecurity rating platform

MAY 2021

Moody’s and Team8 announce investment in VisibleRisk as it launches cyber rating

JUNE 2019

Moody’s and Team8 launch joint venture to create a global cyber risk standard

OCTOBER 2015

Moody’s integrates cyber risks  into credit analysis