2021 Stakeholder Sustainability Report

Cybersecurity and Data Privacy¹

We are committed to developing and maintaining a best-in-class information security program that addresses cybersecurity and data privacy, including for our customers' data. We continuously work to enhance our policies, processes and technology to strengthen our cyber resilience and protect the data and security of our stakeholders.

CYBERSECURITY GOVERNANCE AND RISK CULTURE

Chaired by the Chief Information Security Officer (CISO), our Cyber Enterprise Risk Management Committee is responsible for identifying cyber risks and threats, recommending mitigating actions to strengthen cyber resilience and meeting risk tolerance thresholds established by executive leadership. The full Board of Directors and the Audit Committee receive regular updates from the CISO and Chief Information Officer (CIO), with escalations to the Board handled through the executive leadership team.

EMPLOYEE TRAINING AND AWARENESS

Cyber resilience starts with our people and our culture. In 2015, we enhanced our information security training and awareness program by launching InfoSafe for all employees, vendors and wholly-owned affiliates that are fully integrated with Moody's systems. The program aims to prevent, detect and respond to cyber threats and incidents, and consists of a number of initiatives, including:

» Recertification of our IT Use Policy;
» Continuing education on phishing awareness;
» Regular communications about cybersecurity best practices; and
» Annual events, like Cybersecurity Awareness Month.

Our employees are required to complete annual cybersecurity training, and compliance is monitored. We use general and targeted phishing simulations to help our employees better recognize and respond to potential threats.
The training program is further enhanced by inviting cybersecurity experts to scheduled educational events. We also offer specialized training modules on emerging cyber threats for our software development teams. Our IT Use Policy outlines a clear escalation process that requires employees to immediately report any suspected cybersecurity incident to the IT Help Desk.

CYBERSECURITY MONITORING AND ASSESSMENTS

Our cyber environment is continuously monitored by automated tools and an expert team that reviews alerts and incidents. Our Information Security Incident Response Plan provides governance and guidance in responding to information security incidents and is reviewed at least annually to ensure optimal calibration against existing and emerging threats. In 2021, we completed the implementation of the Security Operations Center, which was previously identified as an opportunity for improvement.

We have a mature internal review strategy for the cybersecurity program. In addition to the annual assessment of the program and its components, robust vulnerability assessment processes are in place, as well as penetration testing, red teaming, tabletop exercises and phishing drills conducted by internal and external teams. Results are continuously measured and assessed for possible improvements.

We contract reputable third parties to conduct annual external assessments of the cybersecurity program and its components. In 2021, these independent assessments included CoalFire and Trace3. Similarly, governmental agencies and their contracted agents conduct regular reviews in jurisdictions where we operate. Furthermore, insurance agents, clients and other market participants continually assess our security posture for their own needs.

There were no material incidents² related to data and cybersecurity breaches across our global operations in 2021. Please see our Privacy Policy to learn more about our approach to customer privacy.
¹ Refers to Moody's Corporation and its wholly-owned subsidiaries.
² A material incident is defined as "affecting critical systems or information with potential or confirmed significant impact to revenue, reputation or customers."