Credit Risk To Rise Amid Cyberattacks On Larger Companies - Moody's
Moody's says cyber risk will intensify next year as attackers switch tactics in response to better corporate cyber defenses
(The Corner Office Journal) -- Moody's Ratings said credit risk is set to rise in 2025 as ransomware attackers will shift to targeting larger organizations, leading to a greater overall credit impact.
“Cyber risk will intensify next year as attackers switch tactics in response to better corporate cyber defenses and as advances in artificial intelligence (AI) increase the volume and sophistication of their strikes,” Moody's said in a note.
The rating agency ransomware attacks are increasing, both in number and size of ransom demand, but the share of victims paying the ransom is falling due to greater adoption of cybersecurity measures and business continuity plans. As a result, the ransomware groups are prioritizing attacks against larger organizations that can afford higher ransom payments, it added.
“Because outstanding debt is concentrated in issuers with higher revenues, we expect this shift will increase the potential credit impact for a higher share of rated companies,” Moody's said.
Ransomware Attacks Surge
Moody's said according to the cyber-threat intelligence company Recorded Future, the number of ransomware attacks globally grew by 70% to 4,399 from 2,581 between 2022 and 2023.
At the same time, blockchain researchers at Chainalysis report that ransom payments rose to $1.1 billion in 2023, a new record, with 2024 on track to surpass this level, it added.
Moody's said the increase in ransomware attacks and larger losses could prompt higher loss ratios for cyber insurers, particularly in the US.
Enablers & Potential Risks
The rating agency said phishing attacks, aiming to entice a user into clicking a malicious link, will be turbocharged by Generative AI (GenAI). GenAI tools will enable attackers to craft personalized and compelling text, audio and video content that mimic legitimate communications from trusted entities, it added.
Moody's said cybercriminals often find the easiest attack path is through third-party software suppliers that are typically not as well protected as large companies. By compromising one supplier, they can attack a wide swath of that supplier's customers, it noted.
The rating agency said stolen credentials will remain a top means of access.
IBM researchers found that attacks using stolen credentials increased 71% between 2022 and 2023 and were the main way cybercriminals gained initial unauthorized access to companies' systems last year, it added.
Regulations
Moody's said in the November 2024 US elections, the Republican Party won the presidency, the Senate, and the House of Representatives, earning a mandate that will allow the new administration to make important changes to the cyber policy.
Republicans will likely roll back cybersecurity requirements and potentially curtail the activities of the Cybersecurity and Infrastructure Security Agency (CISA), it added, noting that this could expose issuers to a heightened risk of cyberattack.
Moody's, however, said the United Nations’ cybercrime treaty will strengthen the fight against cybercrime.
The rating agency said an upcoming vote on a new UN cybercrime treaty will improve international cooperation in the fight against cybercrime. The treaty will limit the presence of cybercrime safe havens, making it easier to disrupt cybercriminal gangs, and reduce the incidence of cyberattacks and the associated financial damage.
(Send feedback to editor@cornerofficejournal.com)
