Health care providers are among the top four industries cited by Moody's Investors Service as particularly vulnerable to the after-shock of a cyberattack.
In a summary of a report to investors, Moody's notes that "the threat of cyberattacks continues to rise across all sectors, and the implications could start taking a higher priority in credit analysis. … Industries which house significant amounts of personal data, such as financial institutions, health care entities, higher education organizations and retail companies are at greatest risk to experience large-scale data theft attacks resulting in serious reputational and financial damage."
The core of the report essentially consists of a warning to investors that, while cyberattacks and mass data thefts in and of themselves probably won't take down a stock, such attacks represent a factor that will increase in importance over time.
Recommended For You
"Cyber risk means different things for different sectors," says Jim Hempstead, Moody's Associate Managing Director and lead author of the report. "While we do not explicitly incorporate cyber risk as a principal credit factor today, our fundamental credit analysis incorporates numerous stress-testing scenarios, and a cyber event could be the trigger for one of those stress scenarios."
Investors may attempt to do their due diligence around how well prepared a company or industry sector is to manage cyber risks. But, Moody's says, such due diligence is extremely complicated "owing to the complexity of the problem."
The report includes "key factors to examine when determining a credit impact associated with a cyber event, including the nature and scope of the targeted assets or businesses, the duration of potential service disruptions and the expected time to restore operations."
Steps are being taken by some major companies to address this growing threat to both their data and their share value.
"More cyber security expertise is being added to boards and trustee governance," says Hempstead. "We expect many issuers will create distinct cyber security subcommittees, which is a material credit positive."
It says that other sectors where cyber risks are heightened include electric utilities, power plant operators, and water and sewage system owners.
© 2025 ALM Global, LLC, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to [email protected]. For more information visit Asset & Logo Licensing.
Dan Cook
Dan Cook is a journalist and communications consultant based in Portland, OR. During his journalism career he has been a reporter and editor for a variety of media companies, including American Lawyer Media, BusinessWeek, Newhouse Newspapers, Knight-Ridder, Time Inc., and Reuters. He specializes in health care and insurance related coverage for BenefitsPRO.
