WASHINGTON (Reuters) - Cyber attacks on the private sector are an increasingly important risk in corporate credit analysis, U.S. ratings agency Moody’s Investors Service said on Monday.
The threat of computer hacking varies from sector to sector and remains hard to measure because intrusions often go undetected or are not publicly disclosed, Moody’s said.
Likening cyber attacks to natural disasters, the agency said the two pose similar challenges in anticipating the duration or severity of problems in calculating ratings impact.
“We do not explicitly incorporate the risk of cyber attacks into our credit analysis as a principal ratings driver,” the report said. “But across all sectors, our fundamental credit analysis incorporates numerous stress-testing scenarios, and a cyber event, like other event risks, could be the trigger for those stress scenarios.”
Moody’s said cyber defense, detection, prevention and response will be a higher priority in credit assessments.
Risk awareness is growing and is a credit positive, the agency said, but it added that reducing risk is hard because the threats constantly evolve.
Electric, natural gas, water and power plants are one of the highest-risk sectors “because a successful disruption of utility services would trigger material knock-on effects to all other sectors,” the report said.
Larger utilities serving more people are likelier targets for hackers, though smaller ones may be less prepared to defend themselves, Moody’s noted.
It added that the government likely would intervene swiftly in a crippling cyber attack, reducing potential risk, which also confront telecommunications, data networks reliant on cloud computing services, retail, oil and gas, banking and housing.
Businesses possessing great quantities of personal data, such as financial or health care institutions or universities, risk major hacks, the report said.
Reporting by Dustin Volz; Editing by Lisa Shumaker