According to credit rating agency Moody’s, cyberattacks have become more frequent and impactful, now posing a material risk to credit ratings. In its latest report, Moody’s analyzed 9,600 rated debt issuers globally, revealing that the annual rate of cyber incidents has climbed from 4–5% before 2019 to around 7% since 2020.
The primary driver behind this rise, the agency noted, is the growing reliance on third-party software providers, whose vulnerabilities are increasingly exploited by threat actors. The report also cautioned that advancements in artificial intelligence will likely increase the volume and sophistication of cyberattacks in the near future.
Despite most incidents not leading to immediate downgrades, 14 organisations have had their credit ratings revised following cyber breaches — including three high-profile cases in the past year: Mount Sinai Hospital, Ethypharm (Financiere Verdi I S.A.S.), and Ascension Health Alliance. These downgrades were primarily linked to ransomware-induced disruptions in operations and revenue collection.
FCRF x CERT-In Roll Out National Cyber Crisis Management Course to Prepare India’s Digital Defenders
One Breach Breeds Another: Cyber Vulnerability is Persistent
Moody’s findings highlight that a single cyber incident significantly increases the likelihood of future attacks. Since 2015, one in three organisations in the study faced at least one cyber breach. Among those:
- 25% were attacked again within a year
- 33% experienced another breach within two years
Entities with a history of cyber incidents were found to be four to five times more likely to face future attacks than those with no prior breaches.
Moody’s attributes this recurrence to several intertwined issues:
- Inadequate remediation of root causes
- Delayed patching of known vulnerabilities
- Media coverage that may inadvertently alert new attackers to existing weaknesses
The study underscores that cyber risk is not a one-time event but a persistent operational and reputational threat that demands long-term, proactive mitigation strategies.
Algoritha: The Most Trusted Name in BFSI Investigations and DFIR Services
Sector-Wise Impact: Hospitals, Housing, Telecom at Highest Risk
Moody’s analysis also reveals sector-specific vulnerabilities, with notable differences in both incident frequency and recurrence:
- Not-for-profit hospitals top the chart, with 42% experiencing at least one breach since 2022, and 14% suffering repeat incidents within a year. The combination of sensitive healthcare data, critical services, and limited cyber budgets makes them a frequent target.
- Public-sector housing entities had the highest recurrence rate, with 26% experiencing multiple incidents in a year, largely due to legacy IT infrastructure and underinvestment in cybersecurity upgrades.
- Telecommunications faced high breach rates, with 31% of issuers reporting cyber incidents since 2022 and 11% affected more than once. Their critical role in national infrastructure and vast data handling capabilities make them attractive targets.
Even sectors typically associated with strong cyber governance, like banking, showed high recurrence rates. Moody’s suggests this could be due to the targeted nature of attacks or mandatory disclosure norms, which make such breaches more visible.