Moody’s Corporation announced on Monday that it would be investing in cybersecurity company BitSight and working with the firm to create a “comprehensive, integrated, industry-leading cybersecurity risk platform.”
First reported by CNN, the partnership will see Moody’s invest $250 million in BitSight and the cybersecurity company will acquire Moody’s cyber risk ratings venture VisibleRisk, which they created with global venture group Team8.
In a statement, Moody’s CEO Rob Fauber said organizations need a way to accurately measure and quantify cyber risk and exposure as they continue to invest in cyber defense and resilience.
“Creating transparency and enabling trust is at the core of Moody’s mission — to help organizations assess complex, interconnected risks and make more informed decisions,” Fauber said.
“BitSight is the leader in the cybersecurity ratings space, and together we will help market participants across disciplines better understand, measure, and manage their cyber risks and translate that to the risk of financial loss.”
Moody’s said its Investors Service review of cyber vulnerability and impact found 13 sectors that have high or medium-high risk, with “total rated debt exceeding $20 trillion.”
Moody’s noted that BitSight has more than 2,300 customers around the world, including dozens of Fortune 500 companies, government agencies, insurers and asset managers.
BitSight said its acquisition of VisibleRisk adds a cyber risk assessment capability and advances its ability to analyze and calculate an organization’s financial exposure to cyber risk. BitSight’s valuation grew to $2.4 billion after the investment.
BitSight CEO Steve Harvey added that the partnership with Moody’s and acquisition of VisibleRisk expands the company’s “reach to help customers manage cyber risk in an increasingly digital world.”
“Cybersecurity is one of the biggest threats to global commerce in the 21st century,” Harvey said.
The $250 million deal will make Moody’s the largest minority shareholder in Bitsight, according to CNN.
Fauber told CNN Business that the effort was started because of the opacity around cyber risk and the spate of serious cyberattacks that have affected a broader range of industries.