Moody’s and BitSight partner to create integrated cybersecurity risk platform
learn more
“As organizations invest in cyber defense and resilience, another critical need has emerged: the ability to accurately measure and quantify cyber risk and exposure. BitSight is the leader in the cybersecurity ratings space, and together we will help market participants across disciplines better understand, measure, and manage their cyber risks and translate that to the risk of financial loss.”
Rob Fauber
Moody’s CEO & President

Moody’s and Cyber

Understanding and building cyber resilience
The exponential rise of cyberattacks and ransomware has cost companies billions of dollars, threatened the stability of businesses across the globe and created an imperative for business leaders and boards to assess and quantify their cyber risk.

Understanding cyber risk is critical to informing key strategy decisions – from security initiatives to budget allocation – and extends to a company’s supply chain risk, investor confidence, and operating transparently with regulators and the market.
Through the transaction announced on September 13, 2021, Moody’s will make a significant investment in BitSight, a pioneer in cybersecurity ratings and analytics, and BitSight will acquire VisibleRisk, a cyber risk quantification joint venture created by Moody’s and Team8, a global venture group.

Moody's investment advances its mission as a global integrated risk assessment firm – providing cybersecurity ratings and analytics at scale to help leaders make better decisions.

Helping leaders build resilience and incorporate cybersecurity intelligence into corporate decision making

Cyber Analytical Tools
Credit ratings & research
How is cyber risk integrated into credit analysis?
Moody’s credit analysis seeks to incorporate all issues that can materially impact credit quality, including cyber risk, and aims to take the most forward-looking perspective, providing visibility into these material risks.

We assess the inherent cyber risk exposure of 35 broad sectors based on two factors: vulnerability to a cyber event or attack, and the impact in terms of potential disruption of critical business processes, data disclosures and reputational effects. Given our new partnership with BitSight, we will explore integrating curated BitSight data and insights into our analysis.
Global Cyber Risk Issuer Surveys
How do issuers manage cyber risks?
To assess the cyber risk preparedness of insurers, insurance brokers and asset managers, we surveyed 100 companies in North America and Europe.

We globally surveyed issuers to assess their cyber risk preparedness owing to the financial, reputational and regulatory risks cyberattacks pose for the sectors.
Cybersecurity experience & reporting
Very large companies report more cyber expertise at the board level
% of board directors with cyber credentials
P&C insurers report on cyber to board committee twice a year on average
Times per annum head of cybersecurity reports to board committee
Global Cyber Risk Issuer Surveys
Business Services
Global Banks
Higher Education
Electric Utilities
Technology, Media and Telecommunications
US State and Local Government
Insurers, Insurance Brokers and Asset Managers
North America Banks

Cybersecurity Ratings

How do we measure cybersecurity risk, performance and exposure?
BitSight is transforming how the market addresses cyber risk through cybersecurity ratings and analytics, helping leaders make critical decisions regarding risk management, quantify financial exposure, prioritize security initiatives, allocate budget and resources, and report effectiveness to board directors and stakeholders.

Through the acquisition of VisibleRisk, BitSight will enhance these capabilities, allowing companies to conduct deeper analysis and better understand their overall cyber resilience.
BitSight exposes cyber risk within an organization’s third- and fourth-party supply chain ecosystem, helping organizations collaborate with vendors and in turn provide data to make confident, faster, more strategic cyber risk management decisions.
BitSight helps organizations continuously measure and monitor security program performance and efficacy, analyze and calculate financial exposure to cyber risk, allocate limited resources to focus on the areas that will have the greatest impact on their cyber risk management programs, and facilitate data-driven conversations around security that help maintain the trust of the marketplace.
BitSight allows investors and organizations to perform enhanced cybersecurity due diligence and ongoing monitoring of their investment portfolios or M&A targets.
BitSight enables cyber insurance carriers, reinsurers, brokers and risk managers to seamlessly identify and measure the risk associated with underwriting cyber liability.
BitSight enables governments, CERTs and National Law Enforcement organizations to measure, monitor and investigate cybersecurity risks in their countries, industry sectors and key critical infrastructure companies.
Financial quantification of cyber risk
How can data and insights help quantify the impact of a potential cyber attack on a company’s financial performance?
Financial quantification of cyber risk has become a critical issue for enterprises.

BitSight offers an industry-leading financial quantification solution that allows decision makers to analyze and calculate an organization’s financial exposure to cyber risk. VisibleRisk has also developed an innovative approach to financial quantification of cyber risk. The transaction announced in September 2021 will allow BitSight and VisibleRisk to build on their leading offerings to deliver a suite of solutions and analytics that support financial quantification of cyber risk, measuring cyber value at risk and other critical analytics that serve a variety of stakeholders ranging from CISOs to executives.
Four primary risk factors
Learn more about our cyber journey
“Providing trusted insights and standards that help decision makers act with confidence is at the heart of our business.  As the disruption and impact of cyber-related losses continues to grow exponentially, the ability to better understand, measure and manage cyber risk and exposure is critical.  We are delighted to partner with BitSight, the leader in cybersecurity ratings, to help our customers build cyber knowledge to fortify operational resilience and support the growth of their businesses.”
Moody’s Investors Service (MIS) Offerings
and Initiatives
Moody’s Corporation (MCO) and
Corporate Social Responsibility (CSR)
Initiatives / Disclosures
Moody’s Corporation (MCO) Acquisitions
Dave Platt
Moody’s Chief Strategy Officer
Moody’s and BitSight announce creation of leading cybersecurity rating platform
MAY 2021
Moody’s and Team8 announce investment in VisibleRisk as it launches cyber rating
Moody’s and Team8 launch joint venture to create a global cyber risk standard
JUNE 2019
Moody’s integrates cyber risks  into credit analysis