Dive Brief:
- Last week, ratings firm Moody's delivered its first outlook downgrade caused by cybersecurity, CNBC reports. The recipient was credit agency Equifax, protagonist of a high profile data breach in 2017.
- Equifax's outlook went to negative, a response to the financial impact of "potential global litigation" and "higher than expected" IT costs, according to the New York ratings firm. It's previous rating was stable.
- The cybersecurity scandal, which landed personal data of 143 million people on the dark web, will run Equifax about $1.4 billion in legal expenses and IT investments, per Moody's estimates.
Dive Insight:
Moody's move signals clear, strong ties between data breaches and bottom line for companies. In turn, protecting organizations against cyberthreats is a companywide priority.
IT decision makers can expect cybersecurity risks to continue to impact their companies financially, according to Anthony Vance, professor at Temple University and director of the Center for Cybersecurity at Fox School of Business, in an interview with CIO Dive.
"There haven't really been long-term repercussions for mega-breaches," said Vance. "There have been initial hits to the stock price, but what's interesting here is that it's the first time [Moody's] specifically said the breach was a reason for the downgrade."
Beyond IT investment, Moody's added cybersecurity risks into its assessments will also take into consideration the potential damage a breach could do to a company's reputation, the firm said in a February report.
The firm identified four "high-risk" sectors for cyberattacks: banks, securities firms, market infrastructure providers and hospitals, due to their heavy tech reliance for operations. Combined, these markets represent $11.7 trillion in rated debt outstanding.
Moody's does say the Equifax could return to a stable outlook if it expects the company to improve its position. In the meantime, Equifax is pushing forward with an aggressive IT investment strategy to become a data and technology leader.
