- Moody's said Pitney Bowes' "solid financial position" would likely cushion the mail and logistics technology giant from significant impact from its October 14 ransomware attack.
- Business credit ratings agencies including Moody's are increasingly building cybersecurity risk into how they calculate outlook and credit ratings.
Moody's issued a "credit negative" event note on the Monday ransomware attack against Pitney Bowes, one of the world's largest providers of equipment for e-commerce and logistics, which serves 90% of businesses in the Fortune 500.
Moody's said the incident "does not have an immediate impact to ratings" but is "credit negative," meaning the ratings agency is cautiously watching the incident but does not think the incident warrants an outlook or rating downgrade.
Prior to 2019, ratings agencies rarely took a stance on how particular cybersecurity incidents could impact a company's credit or outlook. That is changing, and Moody's rapid response to an incident that is only three days old shows how closely the ratings firms are monitoring companies for how they immediately respond to a breach. If Moody's proceeds with a negative outlook or downgrade, Pitney Bowes could find it harder to raise money and the stock price is likely to be affected.
Pitney Bowes suffered a ransomware attack on October 14 that affected companies using its postage metering service, as well as commerce services including cross-border and shipping technology, according to the company.
The company informed clients throughout the week that their systems appear to not have been affected by the attack: "In consultation with our security advisors on this issue, we do not believe there are other client risks. The meters themselves run operating systems that are not affected. The meters will continue to operate as normal," the company said in a statement on Wednesday.
"The company's solid financial position, including good liquidity, make it unlikely this malware attack will have an immediate impact on Pitney Bowes' credit profile," Moody's said in a statement. "Additionally, per the company's SEC filings, Pitney Bowes maintains insurance coverage for cybersecurity incidents, which may defray costs associated with the malware attack."
Any future impact for the company will depend on the value of the encrypted data and how long the business interruption lasts, Moody's said.