Moody's and Standard & Poor to Factor Cybersecurity into Creditworthiness Determinations
Following an earlier announcement by Standard & Poor, Moody's recently announced that it will take companies' information security preparedness into account in its analysis of creditworthiness. Moody's announced that breach prevention, detection, and response, as well as cyber defense capabilities, are going to become higher priorities.
In a press release issued in connection with the release of its recent report, "Cross Sector-Global: Cyber Risk of Growing Importance to Credit Analysis," Moody's noted that, while it does not explicitly incorporate cyber risk as a principal credit factor at this time, its analysis incorporates a number of stress-testing scenarios, of which a cyber event could be a trigger.
Moody's report identifies several factors it examines when determining the credit risk associated with a cyber event, including the nature and extent of targeted assets and businesses, the likely duration of potential disruptions in service, and the timeframe required to reinstate operations.
Industries likely to pose the highest risk include those which store large amounts of personal information, such as financial institutions, health care companies, retail companies, and educational institutions, which have the highest potential risk of reputational and financial damage resulting from large-scale data theft.
Moody's press release also discussed industry segments it expects to pose a lower credit risk, including critical infrastructure, such as electric utilities, power plants, and water and sewer systems. While it acknowledged that cyberattacks on such industries could cause significant economic turmoil, it anticipates that such losses would be offset by immediate government intervention to restore operations.
Moody's announcement comes on the heels of a similar announcement by ratings company Standard & Poor, which indicated in September 2015 that it views financial organizations as susceptible to reputational and monetary damage from cyber events and would consider downgrades for institutions which fail to implement appropriate security measures.
If you have any questions regarding this update, please contact John Hines at email@example.com | (312) 985-5927 or Jennifer Woods at firstname.lastname@example.org | (312) 985-5931.
Clark Hill PLC's Cybersecurity, Data Protection and Privacy team provides the legal expertise to work with financial institutions as they adjust to the requirements of the new cybersecurity era. Clark Hill's team approach to cybersecurity preparedness brings together attorneys from our core practice groups that are experienced in bank regulatory issues as well as information technology transactions.
The Current Whipsaw in Labor Law: Recent NLRB Developments and the Direction of the Biden Administration
While President Biden makes historic decisions, such as the firing of the NLRB’s General Counsel in January, many employers are wondering what impact “Biden’s NLRB” will have on their workforce. As new board members are confirmed, what changes should employers expect from the new NLRB?
FAQs: Mandatory COVID-19 Vaccines and the Automotive & Manufacturing Industries
Join us for a presentation where we will share the considerations, implications, and answer your frequently asked questions surrounding the implementation of mandatory COVID-19 vaccines.
The Basics: A Quick, But Important, Primer on Handling Fidelity Bond Claims Webinar
As workplaces across America open up this summer, now is the perfect time for a tune up on handling fidelity bond claims. Join a team of Clark Hill fidelity attorneys who will provide an overview of fidelity, coverage, noteworthy cases reported during the pandemic, key coverages and strategies for navigating a wide variety of claims.