Last week, financial ratings agency Moody’s downgraded Equifax’s credit outlook from “stable” to “negative”, citing the company’s 2017 data breach as the reason for the shift. The downgrade marks the first time a cybersecurity incident has played a major factor in determining a company’s financial outlook.
According to Moody’s credit analysis statement, “[Equifax’s] negative ratings outlook reflects our concerns that revenue may not grow and free cash flow could remain low for an extended period.” Equifax’s bottom line has already taken a hit to the tune of $1.35 billion in the wake of the company’s massive consumer data breach, in which Social Security numbers, birth dates, addresses, and driver’s license numbers for more than 147.9 million Americans were exposed. Among this $1.35 billion, $690 million has already been put aside in anticipation of ongoing legal settlements, as well as federal and state regulatory fines. In other words, Equifax’s cybersecurity nightmare has become an acutely financial one too – both in terms of immediate and forecasted costs.
Equifax isn’t the only company that should be bolstering cybersecurity investment as a financial move. Moody’s also recently announced that it’s looking to integrate measurement of cyber risk into all of its credit ratings, forcing companies to consider cyber risk as a business risk. Organizations most at risk, according to the firm, include “financial firms, securities firms, hospitals, market infrastructure providers and electric utilities.” These “data-oriented” companies carry sensitive information, and in many cases, a breach could have significant repercussions on both internal business operations and national infrastructure. Continued attacks on the U.S. electric grid and on broader energy infrastructure, for example, put operators at risk of disrupted power generation or even blackouts that pose expensive financial – and reputational – costs.
As more companies such as Equifax are held financially accountable for inadequate cybersecurity standards, executives outside of CISOs are beginning to take note. While previous highly-publicized breaches might’ve initially impacted stock prices and then balanced out, now, the long-term financial impact of poor cybersecurity can diminish investor prospects or even be business-ending in some industries. Proactive cybersecurity practices must become an operational norm to protect against financial and reputational risks.
Xage’s Security Fabric provides a distributed, flexible, and adaptive solution that can be both proactively or retroactively fitted to suit a company’s needs. Xage’s tamperproof, blockchain-based Fabric protects entire industrial operations by providing role-based access control (RBAC), data privacy & integrity, and enforcing company-defined security policies across all devices, applications, data, and users. In an increasingly digitized and interconnected landscape, Xage’s comprehensive Security Suite is designed to protect all types of information and interactions – across even the most “data-oriented” companies.