The map suggests that sectors that are $1.7bn in debt are at most risk: airlines and power generation also moved into that category this time
Moody’s Ratings has moved telecoms into the Very High Risk category in its annual cyber heat map, as major telecom companies have experienced damaging cyberattacks in recent years. Like other very high risk industries, they are “highly digitized and play a crucial role in the functioning of society and the economy”. After being “highly digitized” the second factor that contributed to higher cyber risk scores are “below-average cyber risk mitigation practices”.
We imagine that many operators might have quite a lot to say in refuting the second attribute, but Moody’s cites, “Costly cyberattacks on companies such as T-Mobile USA (Baa2 stable), AT&T Inc. (Baa2 stable) and Optus Australia, a subsidiary of Singtel Optus Pty Limited (A3 stable) underscore the industry’s Very High risk designation. These firms have experienced numerous and severe attacks in recent years that have resulted in the theft of personal information from millions of current and former customers and led to substantial financial settlements with regulators.”
Source: Moody’s Ratings, Annual Cyber Heat Map, November 2024
It continues, “The breaches illustrate the critical challenges telecommunications companies face in safeguarding sensitive customer data against increasingly sophisticated cyberattacks. Telecommunications firms have made substantial investments in digital transformation, particularly in migrating significant portions of their operations to the cloud.
“While cloud services can reduce some cyber risks tied to the business, they may also introduce new vulnerabilities. This was evident in a recent AT&T breach where malicious actors gained access to data stored on a third-party cloud platform. Although telecommunications companies are investing heavily in cybersecurity, their efforts have yet to counteract their heightened risk exposure. This stands in contrast to the very highly exposed banking sector, for instance, which despite facing similar risks, has more effectively mitigated the threat through implementation of top-tier cybersecurity measures.”
It says an example of weaker mitigation practices would be the telecommunications sector’s vulnerability management. Data from a Moody’s affiliate, Bitsight Technologies, points to the sector being 2.5 times more likely to have unaddressed Known Exploited Vulnerabilities (KEVs) affecting their networks than banks. The sector’s cyber diligence and cyber governance scores similarly show weaker results in our 2023 cyber survey.
Interestingly, between them (see below), the High risk and Very High risk sectors represent $28 trillion of debt.
You can find out more here.