That move might be a game-changer for many institutional and individual investors, who often struggle to quantify the potential impact of a significant cybersecurity incident into a meaningful rating. Ratings agencies including Moody's have been warning for years that cyber issues, including lax controls or a meaningful breach, could lead to a downgrade. But this is a first real step toward codifying those predictions. "For us, it's not something we view as a totally new idea," said Derek Vadala, who was named Oct. 17 to a new role heading Moody's Investors Services Cyber Risk Group. "We've been in the risk management business for a very long time. This is to enhance our thinking about credit as cyber becomes more and more important."

https://www.cnbc.com/2018/11/12/moodys-to-build-business-hacking-risk-into-credit-ratings.html