Internet Explorer is not supported on this site. For an optimal experience, please use a modern browser, such as Chrome, Edge, Firefox, or Safari.
Cybersecurity and data privacy

The growing intersection of supply chains, connectivity and access to data is increasing the potential for cyber-attacks.

We are committed to developing and maintaining a best-in-class information security program that addresses cybersecurity and data privacy, including for our customers’ data. We continuously work to enhance our policies, processes and technology to strengthen our cyber resilience and protect the data and security of our stakeholders.

BitSight Security Ratings measure an organization’s cybersecurity risk and security management effectiveness. The rating is calculated by BitSight using their proprietary algorithm based on externally observable data.

Cybersecurity monitoring and assessments1
Our cybersecurity program undergoes internal and external reviews. In addition to the annual assessment of the program and its components, robust vulnerability assessment processes are in place, as well as penetration testing, red teaming, tabletop exercises and phishing drills conducted by internal and external teams. Results are continuously measured and assessed for possible improvements.

We contract reputable third parties to conduct annual external assessments of the cybersecurity program and its components. In 2021, these independent assessments included CoalFire and Trace3. Similarly, governmental agencies and their contracted agents conduct regular reviews in jurisdictions where we operate. Furthermore, insurance agents, clients and other market participants continually assess our security posture for their own needs. There were no material2 incidents related to data and cybersecurity breaches across our global operations in 2021.
Employee training and awareness1
Our employees are required to complete annual cybersecurity training, and compliance is monitored. We use general and targeted phishing simulations to help our employees better recognize and respond to potential threats.

The training program is further enhanced by inviting cybersecurity experts to scheduled educational events. We also offer specialized training modules on emerging cyber threats for our software development teams.
Data privacy and protection1
We updated our Privacy Policy to highlight existing protections. The policy explains how we collect personal information; how we use, disclose and protect such information; and the choices our customers have concerning use of such data.
how we meet our data governance obligations

Find out more

reports & policies »
1 Refers to Moody's Corporation and its wholly-owned subsidiaries.
2 A material incident is defined as “affecting critical systems or information with potential or confirmed significant impact to revenue, reputation or customers.”
Moody's sustainability
sustainability@moodys.com
Contact
Americas
+1.212.553.1653
EMEA
+44.20.7772.5454
APAC
+852.3551.3077
japan
+81.3.5408.4100
Who we are
About Us
History
Our Companies & Affiliates
Careers
Investor Relations
what we do
Overview
Climate
CORE
Cyber
ESG
Events
KYC
Media Relations
how we work
Overview
Sustainability
Community Impact
Diversity, Equity & Inclusion
Gender & Finance
Awards
INSIGHTS
Podcasts
Infographics
Data Stories
© 2023 Moody’s Corporation, Moody’s Investors Service, Inc., Moody’s Analytics, Inc. and/or their licensors and affiliates (collectively, “MOODY’S”). All rights reserved.
Privacy PolicyTerms of Use