Buybacks have gotten a bad rap from both Republicans and Democrats. But stocks would be trading at a massive discount without them.Marketsread more
Fiat Chrysler and France's Renault could soon partner up to take on the sweeping changes to the global auto industry, according to a report in the Financial Times. The...Autosread more
Microsoft shares have gained 133% since November 2015, outperforming a tech "basket of unicorns" over that stretch.Technologyread more
The president's state visit comes amid tensions with carmaker Toyota over potential auto tariffs. Trump has repeatedly threatened Japanese and European carmakers with tariffs.Traderead more
The IRS is about to release a new draft of Form W-4, which will more closely reflect the changes stemming from the Tax Cuts and Jobs Act. For workers, that means they'll need...Personal Financeread more
When commercial real estate investor Manny Khoshbin spent $2.2 million on the fastest production car in the world, he had no idea it would very quickly also become the...Autosread more
The Mega Millions jackpot has spilled over $400 million. It would be the ninth largest winning since the game began in 2002.Personal Financeread more
Trump was speaking at a meeting of Japanese business leaders in Tokyo during his state visit to Japan on Saturday.Marketsread more
The biggest U.S. gasoline price surge in years is running out of steam just in time for the start of the summer driving season.Energyread more
The federal minimum wage has remained $7.25 per hour since 2009. But several states, and even some companies, have since taken matters into their own hands to pay employees a...Workread more
Stocks rose on Friday, but notched weekly losses as investors worried the U.S.-China trade war is hurting economic growth.US Marketsread more
Moody's will soon start using its credit-rating expertise to evaluate organizations on their risk to a major impact from a cyberattack.
That move might be a game-changer for many institutional and individual investors, who often struggle to quantify the potential impact of a significant cybersecurity incident into a meaningful rating. Ratings agencies including Moody's have been warning for years that cyber issues, including lax controls or a meaningful breach, could lead to a downgrade. But this is a first real step toward codifying those predictions.
"For us, it's not something we view as a totally new idea," said Derek Vadala, who was named Oct. 17 to a new role heading Moody's Investors Services Cyber Risk Group. "We've been in the risk management business for a very long time. This is to enhance our thinking about credit as cyber becomes more and more important."
Moody's gives ratings — ranging from AAA to C — that are used to determine creditworthiness for companies, bonds, sovereign countries, structured finance transactions and issuers of infrastructure and project finance. Initially, the company will incorporate cyber risk into its existing credit ratings. After that, Vadala said, Moody's is considering a stand-alone cyber risk rating separate from the credit rank.
"We haven't yet moved a credit rating due to cyber risk or a cyber event, but we see the likelihood of credit-rating impact as steadily increasing," Vadala said. "Different sectors have different levels of credit sensitivity to cyber risk. For those higher-risk sectors, there will be impact down to the individual issuer-level over time."
Though they aren't yet saying which sectors will get scrutiny first, several stand out as especially exposed to risk from a cybersecurity crisis: The defense-industrial industry, financial sector, health care and critical infrastructure operators like energy, water, waste management and first responders all are considered high-risk categories.
Risks related to cyberattacks today aren't as linear as simple costs associated with cleaning up a breach, paying for credit monitoring or replacing fried computers. Companies that don't fall into these categories — for instance, Equifax — can see their core businesses heavily damaged, which is why the Cyber Risk Group also will focus assessments on reputational hazards.
"We're looking into different types of scenarios, to get into the details of what might affect certain companies," he said.
"If you look at the history of data breach and data disclosure issues, they're not quite as impactful as the business disruption events," Vadala said. "There are very specific scenarios that could apply to different companies in different sectors. An organization, for instance, that is involved in manufacturing has a much higher exposure to ransomware than another sector."
Quantifying cyber risk is a crowded marketplace, but it lacks a clear leader.
One of the better-known players is Fair Isaac, which launched its Cyber Risk Score in 2017. They have marketed the product, which resembles the familiar consumer credit rating scale, toward businesses facing regulatory oversight for cybersecurity that want a quick way to rate the security risk of their third-party providers.
Standard & Poor's and Fitch have also released guidance on how companies can view cyber risk. Most of the biggest insurance companies (with the notable exception of those managed by Warren Buffet) have cyber policies, alongside a variety of risk assessment and risk management services.
The demand for quantifying risk will increase as attacks move from fairly benign to to those that could break down a business entirely, Vadala said.
"When you think back to the early days of this cyber era, dating back to the Target and Home Depot breaches, this is where [cyber risk] became much more top-of-mind for pros outside the cybersecurity industry. But these weren't business-ending incidents, " he said.
"When you flash forward a few years, to the ransomware events that occurred, the financial impact of that is much more significant. It's still not business-ending at that point, but certainly as that financial impact continues to rise, the probability of one of these events creating a deep financial impact also rises."