$22 trillion in debt at risk, warns Moody's
Critical infrastructure and healthcare have 'very high' risk.
Nearly a third of global rated debt has 'high' or 'very high' exposure to cyber risks in 2022, a new report by credit ratings agency Moody's Investors Service has discovered.
That represents $22 trillion of the more than $80 trillion in Moody's global rated debt, across 71 sectors - an increase of about $1 trillion from the agency's previous analysis in 2019.
Moody's examined two equally weighted factors for its Cyber Heatmap report: exposure to cyber risk (systemic role and digitalisation), and mitigation (cyber best practices, perimeter vulnerability and estimated financial loss).
The rating agency scored each of the 71 sectors based on these factors, assigning them a risk level of 'low,' 'moderate,' 'high' or 'very-high'. Utilities and public sector organisations were seen as being in particular danger.
For example, the report lists critical infrastructure - such as electric, gas, and water utilities, which all rely on data for their operations - as having 'very high' risk.
Although there is little financial gain for an attacker by targeting a water or power utility, these organisations often have weak security, which makes them appealing targets.
Not-for-profit hospitals also received a 'very high' rating.
'We view not for profit hospitals as being highly attractive, data-rich targets with average mitigation measures in place to reduce the impact of a potential cyber event,' said Moody's.
Healthcare providers like the NHS and Irish Health Service have suffered from increasing ransomware attacks in recent years.
The sectors with 'high' exposure to cyber risks are technology, telecommunications, banking, and the midstream part of the energy industry. Financial institutions in particular have a very high systemic role - one of Moody's factors - because of the larger banking system's central function in a functioning economy.
Manufacturing, retail & apparel, regional & local governments, advanced economies & emerging countries, and integrated oil are all categorised as moderate-risk sectors.
Low-risk sectors include real estate, structured finance, mining, public sector housing, and independent exploration & production. Due to the localised nature of these sectors, any successful attack is unlikely to impact the rest of the economy.
Steven Libretti, an analyst and lead author of the report, said that despite growing cyber risk, Moody's has also seen a growth in security investments as industries prioritise the need to assess and quantify the risk, to mitigate supply chain risk and maintain investor confidence.