Telecommunications, airlines, and utilities are now in the “highest cyber-risk” category, according to Moody’s latest cyber risk heat map. This ranking points to how rapidly digital transformation has expanded the attack surface for hackers in these critical sectors. While digitization has streamlined processes and bolstered connectivity, it has also created new vulnerabilities that many of these industries are unprepared to defend against.
Moody’s assesses cyber risk based on each sector’s exposure to threats and its mitigation capabilities, grading sectors from “low” to “very high” risk. Assistant Vice President Steven Libretti noted that this year’s high-risk ratings were driven by industries increasingly dependent on digital tools yet lagging in cyber defenses, creating significant opportunities for cybercriminals to target them.
The telecommunications sector, in particular, has seen heightened attacks, with recent breaches at major companies such as AT&T, Verizon, and Lumen. These incidents, linked to the Chinese hacker group Salt Typhoon, have exposed sensitive data, including court-ordered wiretaps. The risks in telecom aren’t limited to these breaches alone; AT&T disclosed a July incident that compromised six months of call data, while T-Mobile’s recurring breaches this year resulted in a hefty $31.5 million fine from the Federal Communications Commission, with half of the fine allocated specifically to improve security measures.
The report also highlights vulnerabilities related to telecom companies’ heavy reliance on cloud platforms. Although cloud services have enabled scalable growth and efficiency, they also introduce complex security risks, as illustrated by AT&T’s recent breach involving third-party cloud platforms.
In the airline industry, cyber vulnerabilities surfaced in July when a flawed software update from cybersecurity firm CrowdStrike caused nationwide disruptions. The chaos led to canceled or delayed flights, highlighting airlines’ reliance on interdependent digital systems that can be toppled by a single error or intrusion.
According to Moody’s estimates, sectors now classified as “high risk” or “very high risk” represent a staggering $7.1 trillion in global debt. Within this, the telecom sector stands out due to its essential infrastructure role paired with weaker-than-average defenses. Moody’s analysts found that telecom companies are 2.5 times more likely than banks to have unpatched vulnerabilities, amplifying their attractiveness to attackers.
For the telecom industry and others in the “very high risk” category, Moody’s report signals an urgent need to rethink cybersecurity strategies. Experts recommend a focus on proactive risk management, moving beyond reactive defenses to keep pace with the fast-evolving threat landscape.