Should Cyber Risk be Part of your Organization’s Credit Rating?

Info Security Magazine ran an interesting story on December 27th entitled "Credit Rating Agencies are Evaluating Cyber Security Risks, So Should You." It's a good read and reveals some interesting information about a new direction by the Credit Agencies.

I sometimes feel we are all getting desensitized to data breach headlines. The storage of personal data on systems outside our control is something we may be beginning to accept as a part of our lives. However, it is not just consumers that are concerned about a breach and its impact on an organization. The article stated that in 2019 Moody's downgraded the outlook of a company from Stable to Negative. The reason? Evidently, the company had to make significant cybersecurity "catch up" investments following a large data breach a couple of years prior. What are the lessons to be learned?

  • The negative repercussions from a breach are not time-bounded. They can continue, as in this case, for years.
  • Repercussions such as a credit downgrade can negatively impact future business prospects.
  • The need to actively monitor the security of our third-party service providers continues to become more critical.
  • A downgrade may serve as a red flag leading to fines and sanctions.

All states have laws requiring companies to develop an information security plan identifying the steps they take to protect consumers.

These plans, among other items, identify the actions taken to beef up security at the organizations. Don't get caught without a Cyber Security Plan approved by your board. It may help avoid unnecessary negative attention from the credit agencies.

PureIT can assist you in the preparation of a robust Information Security Plan. Our vCISO resources are skilled and experienced in all facets of Cyber Security program design and management.