{"id":3924,"date":"2022-12-21T14:36:20","date_gmt":"2022-12-21T14:36:20","guid":{"rendered":"https:\/\/itegriti.com\/kw022024\/?p=3924"},"modified":"2023-01-10T14:11:40","modified_gmt":"2023-01-10T14:11:40","slug":"key-highlights-from-moodys-2023-cybersecurity-report","status":"publish","type":"post","link":"https:\/\/itegriti.com\/kw022024\/2022\/cybersecurity\/key-highlights-from-moodys-2023-cybersecurity-report\/","title":{"rendered":"6 Key Highlights from Moody’s 2023 Cybersecurity Report"},"content":{"rendered":"

Summary: Cyber risk continues to rise as geopolitical tensions mount, and governments and industries are taking action to reduce cyber exposure. Regulations tightening cybersecurity requirements in industry and increasing demand for cyber insurance are two of the significant global policy trends expected in the coming year, according to the <\/em>2023 Cyber Risk Global Outlook from Moody\u2019s Investors Service<\/em><\/a>. How will these efforts affect businesses and their credit in 2023? <\/em><\/p>\n

Ransomware attacks shift away from the US<\/h2>\n

By far, the majority of ransomware attacks\u201449% of all attacks worldwide in 2021\u2014have been directed against the US. However, ransomware groups are beginning to diversify their geographic attack patterns in response to recently increased pressure from the US government through sanctions, arrests, and cryptocurrency seizures. While the US still has the most attacks, its significance is dwindling.<\/p>\n

According to Moody\u2019s report, between 2020 and 2022, the global percentage of ransomware attacks in North America decreased from 65% to 46%. While this is happening, there are further attacks in other areas. For instance, the cybersecurity company SonicWall reports that in the first half of 2022, attacks in Europe increased by 63%<\/a>. The change will be favorable for US issuers’ credit but detrimental for businesses in areas where ransomware instances are on the rise.<\/p>\n

Incident reporting mandates are growing<\/h2>\n

A significant positive is that the US, EU, Canadian, and Indian governments have taken steps to tighten cybersecurity and disclosure obligations. Standardized disclosure frameworks will boost transparency and probably encourage businesses to prioritize cybersecurity.<\/p>\n

Disclosure requirements are beneficial to credit for several reasons. They first give market participants more transparency. Participants could compare businesses based on how well they are managing their cyber risk under the proposed guidelines. Governments also gain from disclosures because they need data to gauge the scope of cyber hazards and create effective countermeasures.<\/p>\n

Disclosure requirements aid in creating defense benchmarks that businesses can utilize to strengthen their cybersecurity. They also lessen systemic risk since corporations are given access to information about attack efforts, which they can employ to stop attacks or spot malicious activity on their networks. The Cybersecurity and Infrastructure Security Agency<\/a> (CISA), for instance, gathers cyber event reports from targeted firms, studies patterns, and disseminates anonymized data to assist organizations in managing risk.<\/p>\n

However, measures with tight reporting deadlines and public disclosure will increase the risk for their members. \u201cShort timelines for disclosure are one such challenge because public reporting on an attack still in progress could arm hackers with real-time feedback allowing them to make the attack more effective. A disclosure that takes place too soon could hamper an ongoing investigation into an attack. Disclosure mandates add operational burdens, too, especially for entities that report to more than one regulator. The resources required for complying with these measures can be considerable,\u201d writes Leroy Terrelonge, Vice President – Senior Analyst at Moody\u2019s Investors Service.<\/p>\n

Cyber insurance demand outweighs supply<\/h2>\n

Insurance firms continue to be wary of their exposure to systemic cyber risk as the number, size, and sophistication of cyberattacks increase globally. As a result, insurers are boosting costs and limiting their cyberattack coverage. These steps will lessen the risk that insurers face from significant losses. On the other hand, organizations will need to invest more in enhancing their cyber preparedness in order to get cyber insurance or develop alternate techniques for shifting cyber risks as coverage becomes more limited and expensive.<\/p>\n

Six key takeaways<\/h2>\n

The report, available to Moody\u2019s subscribers<\/a>, includes six major takeaways:<\/p>\n