Bitsight Partners with Moody’s Analytics—Incorporating Cyber Analytics into Its Leading Integrated Risk Products
Tags:
A new integrated risk framework
A recent study found that financially material cyber attacks are increasing in frequency and that the top 5% of such attacks lead to an average of $52M in losses[1]. As these types of cyber attacks become more frequent and more severe, it has become increasingly critical for risk managers outside of enterprise security functions —such as compliance and credit officers—to consider cybersecurity risk in their assessment of customers, suppliers and investments.
Nowhere is this more evident than in credit analysis. While qualitative cybersecurity factors have been considered in credit ratings from Moody’s Investors Service since 2015, Moody’s has accelerated its research into the intersection between cyber risk and credit risk — publishing close to 20 pieces of research leveraging Bitsight data in the past year. Recent Moody’s Investors Service research finds that $22T of rated debt is at High or Very High risk of a cybersecurity event — dwarfing other enterprise risks such as social risk ($8T) and environmental risk ($4T)[2].
These trends necessitate a new paradigm for risk managers whereby cybersecurity performance analytics are a requisite input to an integrated risk framework. In this new framework, cybersecurity performance metrics can be seen as both a positive indicator and proxy for company performance and managerial effectiveness and as a negative indicator of downside risk and financial loss.
Bitsight partners with Moody’s Analytics
Our recently announced partnership with Moody’s— earned the number-one overall ranking in the Chartis RiskTech100® annual report —allows us to execute against this integrated risk vision at scale. Moody’s Analytics supply chain, credit, insurance, compliance and investment management offerings now feature Bitsight’s leading cyber risk analytics. These offerings enable Moody’s Analytics customers to include cyber risk analytics as an input to a broader framework.
As of April, Bitsight ratings are available to all Orbis, Supply Chain Catalyst, Credit Catalyst2 and Compliance Catalyst2 customers. Customers of these solutions can now incorporate the Bitsight rating into their diligence and monitoring workflows and custom scorecards or opt in to access deeper and more frequently updated Bitsight data. Integrating Bitsight into Orbis — the world’s leading firmographic dataset — aligns Bitsight data to standard industry identifiers and unlocks our capacity to effectively service these new users at scale.
Orbis and Catalyst integrations unlock new applications for Bitsight data
Supply chain
Working with customers to monitor, assess and remediate critical cybersecurity issues within their supply chain is not new to us at Bitsight. Typically this involves working with teams specifically charged with managing the cybersecurity risk within a company’s digital supply chain.
Our integration with Orbis and Supply Chain Catalyst improves upon Bitsight’s capabilities to assist supply chain managers who view cybersecurity risk as one factor among many — such as financial, sustainability, reputational and operational risk factors — when building supply chain resiliency. With increasingly complex supply chains and distribution networks, supply chain risk managers require key risk metrics — such as Bitsight analytics — that correlate to operational disruption.
Term credit analysis
The impact of cybersecurity events can be far reaching, causing significant financial, operational, legal and reputational damage to an organization. Each of these results can be credit negative for an issuer.
To account for this — banks and other financial institutions are beginning to proactively include cybersecurity risk in their ratings processes rather than reactively downgrading an issuer based on a breach. Bitsight’s leading cybersecurity risk analytics in Orbis and Credit Catalyst products enables more efficient credit assessment of customers and vendors.
Compliance and Know Your Customer (KYC)
Understanding the relative cybersecurity risk of new customers is becoming increasingly important for compliance teams. Recent regulation, such as the AML Act of 2020, lists assessing the cyber risk of customers as a ‘top priority’ for these personas.
These integrations enable compliance professionals to leverage Bitsight data to understand a customer’s exposure to cyber risk and manage the connection between financial crime and fraud with cybersecurity hygiene[3].
Insurance and related underwriting
As detailed, Bitsight analytics can be leveraged as both a positive indicator for company performance and governance and as a negative indicator of downside risk and financial loss. This utility has multiple underwriting personas— who we can better serve via our Orbis integration— evaluating Bitsight data for incremental signal. Use cases include insurance underwriting of non-cyber lines such as D&O and P&C policies. Bitsight data in Orbis will also service the investment and asset management communities in providing scaled datasets matched to common identifiers.
Moody’s Analytics’ perspective
We help organizations assess complex, interconnected risks and make more informed decisions, by providing a holistic view of third-party risk across financial, sustainability, reputational, and operational dimensions. As we continue to see cyber-related losses rise across industries, it is imperative for our clients to better understand, measure and mitigate cyber risk. We are delighted to enhance our integrated risk assessment capabilities with the introduction of Cyber Risk Ratings by Bitsight in our Orbis and Catalyst solutions, to help our customers fortify operational resilience and support the growth of their businesses.
Matt McDonald, Managing Director, Moody’s Analytics
[1] Iris 2022 Report, Cyentia Institute
[2] Moody’s Investors Service Heatmap, 2021
[3] McKinsey, Financial Crime and Fraud in the Age of Cybersecurity