New Delhi, Sep 11 : The reputational risk from cyberattacks is rising for many companies globally, as episodes have become more publicised, Moody’s Investors Service said on Friday.
These episodes pose varying degrees of credit risks depending on the sector, size of the company and its relationship with the customers.
“Companies whose customers can easily switch to a competitor or whose business activities rely more heavily on trust are more exposed to reputational risk stemming from cyberattacks,” Moody’s said in a report.
“These risks are growing because of increased disclosure of attacks, both from cybercriminals, who are increasingly identifying the organisations they attack, and from more stringent disclosure requirements put in place around cyber events. Cyber resiliency planning and crisis management actions are essential components to mitigate the risks,” it said.
According to the report, increased disclosure is contributing to rising reputational concerns.
“In the past, many companies avoided disclosing cyber incidents, fearing such disclosures could invite further attacks or damage their reputation. However, cybercriminals are now publicly identifying the companies they attack, and new laws and regulations are requiring companies to notify the customers and stakeholders whenever data is compromised,” the report said.
“The increased disclosure is allowing customers to learn more about a company’s cyber track record and to factor cybersecurity into their business decisions,” it added.
As per the report, reputational damage brings higher costs and can weaken revenue.
“Damaged reputations can result in increases in the cost of capital, regulatory costs and additional costs for attracting and hiring talent. Companies with damaged reputations may also lose the support of customers, investors and other counterparties, causing a reduction in revenue,” the report elaborated.
Besides, the report cited that companies with lower customer bargaining power or confidence-sensitive business models have more exposure to cyber-related reputational risks.
“The effects vary, with acute financial consequences for some companies and little or no impact for others. Companies can employ various strategies to reduce customer churn and limit reputational harm, although these strategies can be expensive or frustrate customers,” the report suggested.
“Healthcare and financial institutions are particularly at risk because of the sensitive data customers entrust to them, and the relative ease in switching providers,” it said.
The report said the biggest cause of increased disclosures in recent months is a change in criminal behaviour.
“In particular, cyberattackers have become more targeted when launching ransomware attacks, as we discussed in our January report on cyber risk trends. Ransomware gangs previously only named entities that refused to pay the ransom,” the report disclosed.
“However, a new tactic to coerce payment is to name all entities that have been attacked and release private data of those who do not pay the ransom. Many companies have taken the attitude that they have no choice but to acknowledge the ransomware attack once attackers identify them publicly,” it said.
Notably, the number of reported ransomware attacks against companies jumped in the first half of this year, many of which would have gone unreported but for the cyberattackers’ disclosures.