Equifax’s Nightmare Continues, Credit Rating “Negative”
Since 2017, Hackercombat.com covered the data breach incident of Equifax and all its relevant angles. The latest was just last March 9, 2019, when the U.S. Senate’s Committee on Homeland Security and Governmental Affairs released their committee report about the result of its probe of the incident. The report included not only the embarrassing situation of Equifax before and after the cyber attack, but also included proposals through legislation on helping companies not to become the next victim of a similar incident.
However, that was not the last episode in this long-running Equifax-drama series, the nightmare for Equifax is not yet ending as Moody’s, one of the global credit rating agencies has slapped the data analytics firm with a drastic credit rating downgrade. Moody’s downgrade is highlighted with the demotion of Equifax’s credit outlook from “stable” to “negative”, which will be felt by the company in the current year.
“We are treating this with more significance because it is the first time that cyber has been a named factor in an outlook change. This is the first time the fallout from a breach has moved the needle enough to contribute to the change,” explained Joe Mielenhausen, Moody’s Spokesperson.
With the downgrade, Equifax will have a hard time paying for their current loans, including the tougher time of persuading financial institutions for any future creditors. Moody’s blamed the $690 million after data breach expenses that Equifax had to absorb as the justification for the credit rating downgrade. The mentioned about was the closest estimate of all the expenses that Equifax incurred just to settle the class action lawsuits and all the state and federal fines facing the company after the incident.
“We estimate Equifax’s cybersecurity expenses and capital investments will total about $400 million in both 2019 and 2020 before declining to about $250 million in 2021. Beyond 2020, infrastructure investments are likely to remain higher than they had been before the 2017 breach. The heightened emphasis on cybersecurity for all data oriented companies, which is especially acute for Equifax, leads us to expect that higher cybersecurity costs will continue to hurt the company’s profit and free cash flow for the foreseeable future,” said Moody’s in a Press Release.
In November 2018, Moody’s made a change with their rating system adding cybersecurity risks handling and cases as a proportionate basis for judging the credit rating for an entity. It is a huge reform being implemented by Moody’s given that cybersecurity issues had not affected the credit rating of companies before.
“For us, it’s not something we view as a totally new idea. We’ve been in the risk management business for a very long time. This is to enhance our thinking about credit as cyber becomes more and more important. We haven’t yet moved a credit rating due to cyber risk or a cyber event, but we see the likelihood of credit-rating impact as steadily increasing. Different sectors have different levels of credit sensitivity to cyber risk. For those higher-risk sectors, there will be impact down to the individual issuer-level over time,” added Derek Vadala, Moody’s Lead for Investors Services Cyber Risk Group.