According to the new Moody’s Investors Service Report, four industry sectors face considerable financial risks from cyberattacks. These include the hospitals, market infrastructure providers, banks and securities companies.
Those four sectors were identified to have high cyber risk exposure because they are very much dependent on technology for everyday operations, content distribution and customer engagement. More digitalization and the interconnectedness in every sector and throughout different sectors is increasing exposure to cyberattacks.
Moody’s evaluated susceptibility to a cyberattack and the effect of such an attack on crucial businesses processes, data disclosure, and reputation damage. The report did not include a review of cybersecurity measures deployed to safeguard against attacks, except if mitigants were applied evenly across every sector, like supply chain diversity. As a whole, 35 broad industry areas were evaluated and rated as low-risk, medium-risk, or high-risk.
The medical insurance, pharmaceutic, and medical device sectors had medium-risk rating. Hospitals had a high risk rating, mainly because of the sensitive and crucial nature of information utilized by hospitals, the high value of healthcare information to hackers, the growing number of vulnerabilities brought in by connected healthcare devices, and the time it takes to get back from an attack and the interruption to the operations while mitigating an attack.
It would be costly to mitigate a successful cyberattack. Breached entities need to spend more for technology and infrastructure, take care of the amount of regulatory penalties and lawsuit, pay greater insurance premiums, spend more on R&D, and attacks could have severe effect on reputation, which include higher customer churn rates and a decline in creditworthiness.
Cyber risk can be considered as an event risk which could have material effect on industries and issuer. The two main types of cyber risk include disclosure of data and disruption to business, which could have potential impact on issuers’ financial information and business leads.
The financial effect of a cyberattack could be considerable and sustainable therefore it is necessary for businesses and agencies in the high-risk industries to have good sources of liquidity to overcome the storm.
Although bigger hospitals probably have more financial sources to spend on mitigating problems and getting back from cyberattacks, they aren’t safe to attack and could still experience a substantial financial impact, particularly thinking about the hospitals that haven’t obtained cyber insurance because of its high cost.
Cyberattacks on companies and organizations with high-risk ratings could possibly be devastating, impacting the capacity of breached entities to repay debts. Put together, the four high-risk industries have $11.7 trillion debt to pay.
Besides the monetary costs and harm to an attacked entity, cyberattacks in the high-risk industries would probably have broad ripple effects and a extended effect on other industries.