Skip to content

The announcement of the company – whose credit ratings can influence global markets – comes as Biden administration officials urge large companies to be more transparent about the security of their software. Several high-profile supply chain hacks and ransomware attacks have rocked businesses and other organizations over the past year, costing businesses millions of dollars and compromising their operations.

To better assess the risks that ransomware and other digital threats pose to Fortune 500 companies and government agencies, Moody’s is investing $ 250 million in BitSight, which uses an algorithm to assess the likelihood of an organization being breached. Moody’s first shared the news with CNN Business.

As part of the deal, Moody’s will become Bitsight’s largest minority shareholder. In addition, BitSight will acquire a cyber risk rating system created by Moody’s and Team8, a company that touts itself as a “think tank” focused on global cybersecurity issues.

“There is just a lot of opacity around cyber risk,” Moody’s CEO Rob Fauber told CNN Business. “You have trade-offs that have serious operational and organizational implications. It affects a wider range of industries and the stakes are higher than they have ever been.”

Fauber said the $ 250 million would be used to improve BitSight’s data and risk management offerings, among other products. BitSight, which says its customers include 20% of Fortune 500 companies, will be able to perform more detailed risk assessments and “translate more clearly [that] at the risk of financial loss, ”Fauber said.

Understanding cybersecurity risk has become a national security imperative and an economic imperative.

In recent months, U.S. corporate and government officials have been taken aback by ransomware attacks that have forced critical infrastructures to go offline and compromised massive amounts of private information.

Colonial Pipeline, one of the largest oil pipelines in the United States, has been taken offline for days this spring, causing widespread shortages at gas stations along the east coast. The company paid millions to a hacking group to solve the incident, although some of that money was later recovered by authorities.

Victims of ransomware attacks paid some $ 350 million in ransoms in 2020, according to Chainalysis, a company that tracks cryptocurrency. But that’s only a partial view of the total ransoms paid, and those who don’t pay can spend millions of dollars to rebuild their IT infrastructure.

Hackers can also be difficult to detect, and U.S. officials fear that a lack of transparency about how attacks spread could mean that a single breach has the capacity to spill over into many industries.

Last year, for example, suspected Russian spies exploited software made by federal contractor SolarWinds to infiltrate at least nine US agencies and around 100 companies. Hundreds of electric utilities in North America have also downloaded the malicious software update used by Russian hackers, providing a potential anchor in these organizations, although there is no evidence that the hackers took advantage of the backdoor of these utilities to carry out further intrusions.
Moody’s Spends $ 250 Million to Protect America’s Largest Companies From Cyber ​​Attacks

Fauber said SolarWinds’ compromises were a big reason for Moody’s to invest more in cybersecurity risk programs.

The breaches also prompted President Joe Biden to issue an executive order in May requiring federal contractors to meet a minimum set of security standards regarding data management and attack reporting.

US officials see the executive decree as a step to encourage some private companies to provide more secure software and a rating system to measure that security. The directive directs the Commerce Department to put in place a program to label consumer electronics devices, such as wireless routers, with a cybersecurity rating.

“You are seeing increased attention from governments and regulators in the United States and elsewhere to ensure that businesses are sufficiently focused on identifying, measuring and managing their exposure to cyber risk.” , Fauber said.


cnn World Gt