Ratings agency Moody’s Corp and Israeli cyber group Team8 launched on Thursday a joint venture to assess how vulnerable businesses are to cyber attacks and create what they hope will become a global benchmark.
Cyber attacks are in focus after a virus from Ukraine spread around the globe in 2017, crippling thousands of computers, disrupting ports from Los Angeles to Mumbai and even halting production at a chocolate factory in Australia.
Similar to the way that banks can check their stability with a stress-test, Moody’s and Team8 are developing a framework to measure companies’ defenses and preparedness for such attacks in comparison to other businesses and over time.
The service will be a tool for companies engaging in mergers and acquisitions or when purchasing cyber insurance policies, said Derek Vadala, chief executive of the joint venture who most recently served as head of Moody’s cyber risk group.
The venture did not disclose financial details.
“Companies doing business with each other are spending more and more resources on understanding what is the risk associated with doing business with third parties and fourth parties,” Team8 CEO Nadav Zafrir told Reuters on the sidelines of a Tel Aviv University cyber conference.
“We believe that not only is that already slowing down the economy, but that we are going to see this slant continuing to deteriorate,” Zafrir, an ex-commander of Israel’s elite 8200 military intelligence unit, added.
The cyber health of companies has in the past had an impact on credit ratings as well. In March, Standard & Poor’s downgraded Atlanta-based credit bureau Equifax reflecting the possible fallout from a 2017 data breach. Moody’s in May revised its outlook of Equifax citing the breach.
Moody’s said the new cyber rating product was not related to its credit ratings service.
The new company will be based in New York and in Israel and will initially have a dozen employees, but is expected to grow to hundreds in coming years.
A creator of cyber defense startups, Team8 is backed financially by Moody’s and other major companies like Microsoft , Airbus and Qualcomm.
Companies are well aware of growing cyber threats, and total spending on information security products and services is expected to reach $124 billion in 2019, according to a report from advisory company Gartner which estimated spending surpassing $114 billion in 2018.
A coordinated global cyber attack, spread through malicious email, could cause economic damages of between $85 billion and $193 billion, one hypothetical scenario developed as a stress test for risk management showed.
In this scenario, claims paid by the insurance sector are estimated at $10 billion-$27 billion, the report produced byinsurance market Lloyd’s of London and Aon said.
Vadala said the company was building its model and expected to have beta customers in a year. The idea is to engage thousands of companies so the index becomes the global standard, he said.