Extreme Weather Events Give Insight to Regulators' Response
On December 30 of last year, the Washington Post reported that Russian hackers had accessed the U.S. electric grid through a small utility in Vermont. While the initial report was immediately retracted, it sent shockwaves through the power and utility industry, given the serious threat that malicious cyber activities pose to U.S. energy security.
Over the past several years, Moody's Investors Service has published original research on cyber risk as a factor of growing importance to credit analysis. Lesley Ritter leads Moody's cyber risk research from the perspective of the utilities sector, and addresses some key questions from PUF.
How Does Cyber Risk Factor into Moody's Credit Analyses?
We consider a cyber-attack a type of event risk. That is, it's an adverse event with a low probability of occurrence but a potentially high impact. To be clear, we don't explicitly incorporate cyber risk as a principal ratings driver.
But across all sectors, our fundamental credit analyses incorporate a number of stress-testing scenarios, and a cyber event, like other event risks, could trigger one of those scenarios. The severity and duration of a successful cyber-attack would be the key to determining any credit impact.