Moody’s, following the example of S&P, has added cyber risk to it’s stress tests when determining the credit rating of an organization. This is a forward thinking move by these organizations, as the technology, intellectual property, processes, and capability to do business is now abundantly dependent upon the information technology and it’s resiliency to disruptions.
While this is a first step – it is just another perspective for leaders of every company to consider as they expand their dependence on technology. In 2010 I wrote most businesses were becoming software companies, and today it is even more so … though not wholly obvious. To sustain future operations, be innovative, and frankly remain relevant businesses must be cyber resilient to ensure their products win in the market and operate safely within the margins expected.
Check out the Moody’s press release below, and if you are a customer you can read their full report too!
Other sectors considered critical infrastructure such as electric utilities, power plants, or water and sewer systems are more exposed to attacks that could lead to large-scale service disruption, causing substantial economic — and possibly environmental — damages to sovereign, state and local governments or utilities. However, Moody’s believes such an attack would elicit immediate government intervention to restore operations, resulting in lower potential credit risk.
**It is interesting to me that Moody’s believes the worst of possible cyber failures will be financially backed by governments and not born by the business, yet this was/is not the case with Oil spills (such as BP in the Gulf). It’d be interesting to examine that analysis further to better appreciate their point of view.