KEY POINTS
  • The new head of Moody's Cyber Risk Group discusses how it plans to start looking at rating the cyber risk of companies and organizations.
  • Within the next quarter, the company intends to outline a list of industries it will consider in a higher risk category for cyber incidents.
  • Several companies — ranging from consumer credit firms to insurance companies — are investing in credit risk ratings and research, but there remains a lack of clarity on cyber risk for investors.
FILE- In this Sept. 20, 2012, file photo, trader Andrew Silverman, left, works on the floor of the New York Stock Exchange. European stocks edged higher on Monday, Oct. 1, 2012, as investors cautiously welcomed the result of stress tests of Spain's banks. But the threat that Moody's might downgrade the country's debt rating to junk status limited gains.(AP Photo/Richard Drew, File)

Moody's will soon start using its credit-rating expertise to evaluate organizations on their risk to a major impact from a cyberattack.

That move might be a game-changer for many institutional and individual investors, who often struggle to quantify the potential impact of a significant cybersecurity incident into a meaningful rating. Ratings agencies including Moody's have been warning for years that cyber issues, including lax controls or a meaningful breach, could lead to a downgrade. But this is a first real step toward codifying those predictions.