Introduction

Our long-term issuer credit ratings do not have a pre-determined time horizon. However, our rating outcomes typically allocate a higher weight to our expectations over the next several years (including specific financial forecasts for the next two to three years), within which there tends to be a larger amount of certain and actionable information. As forecasts extend beyond the medium term, judgements about the ability to identify relevant credit drivers, how they will shift, and ultimately their effects on credit quality becomes more challenging.

Nevertheless, we believe it is important to monitor long-dated risks because, while megatrends may be slow moving, they can transform industries, and business processes in fundamental ways.

In this article, we dive into the megatrends of increasing digitization and disruptive technology including growth in AI, vulnerability to cyberattacks, and increased adoption of blockchain and digital assets. (For details on all megatrends we are monitoring, see "Evolving Risks In North American Corporate Ratings: An Overview", published Oct. 29, 2024.)

The objective is to contrast and highlight the different ways that various sectors might be affected by these elements of digital disruption. We elaborate on how we provided an overall view of how the megatrends may influence credit quality on a continuum of positive, neutral, some risk, and more risk below (chart 1, 2, and 3).

These risk assessments are largely qualitative and are intended to facilitate cross-sector comparisons within a given risk category. Comparisons across risk categories within the same sector are directional, may differ based on our current forward-looking view of credit transmission channels in North America, and are not meant to capture the absolute level of future ratings risk.

Positive

AI:  In this category, we expect AI would deliver stronger product and service differentiation or favorable shifts in competitiveness. Additionally, we believe AI could be a material boon for financial and operating performance for these sectors through better efficiencies and lower costs in the long term.

Blockchain and Digital Assets:  Here we expect the sector could benefit from blockchain technology, enabling operational efficiencies and cost reductions. This technology could also address security risks that arise from AI and cyber risks.

Neutral

AI:  We would view a sector as overall neutral if productivity enhancements that could reduce operating expenses are offset by investment requirements.

Blockchain and Digital Assets:  If we do not expect material impact, or the level of clarity of the effects is too low, we would assess the sector as neutral.

Some risk

AI:  We would expect AI to shrink revenues and margins of the sector. We also anticipate companies would have to make material investments to remain viable. However, in this category, there is limited clarity around the impact on transmission channels.

Blockchain and Digital Assets:  In this category, we believe blockchain technology may disrupt a sector, but the transmission to credit quality remains uncertain.

More risk

AI:  To categorize a sector as more at risk, we believe that AI is likely to disrupt the business model in the long term, possibly due to product or service displacement with AI or new entrants. Alternatively, we would also assign this category if we believe there is high clarity and certainty around the materiality of the eventual impact on transmission channels, even if the negative effect may not be severe.

Blockchain and Digital Assets:  Here we expect blockchain technology would likely enable new entrants and cause significant disruption to the sector's competitive landscape.

A Note On Cyber

Our assessment identifies each sector's likelihood of being targeted by malicious actors in a successful attack that could have credit quality implications.

Businesses of any material scope have to participate in the interconnected digital economy to be competitive. As a result, there are no industries completely insulated from a cyberattack. Due to the broad susceptibility to cyberattacks and the trend of increasing incidences of these attacks, we assign the category of 'some risk' to a large number of sectors.

In the subset of these cases where the transmission channels that might lead to credit deterioration are more clearly defined, we assign the 'more risk' categorization.

On the other hand, sectors which are less attractive targets due to the type of data they have, or attributes that make an attack less likely to be effective would fit into the neutral category.

In our view, the risks at the sector level offset any benefits that might accrue to the few companies that might specialize in cybersecurity protection-related goods and services. As such we do not categorize any sectors as positive in our heatmap.

In the following sections, we provide background on and our expectations for specific sectors.   We explore every sector that we assessed as positive, some risk, or more risk. In the case of sectors that we assessed as neutral, we may also provide details if we believe there are relevant developments and risks, even if the overall credit impact remains unclear.

Artificial Intelligence

Why it matters

AI-related risks and opportunities have the potential to materially affect creditworthiness or alter the trajectory of the credit factors underpinning our ratings (chart 5) due to the potential to replace, transform, and regenerate human work and digital processes. This has the potential for significant efficiency and productivity gains, higher revenue streams, and enhanced competitiveness.

Transmission channels

The credit transmission channels through which AI can affect key credit factors include competitive position, revenue, expenses, investment needs, access to funding, and the impact from AI-focused regulatory developments across regions. Those channels align to fundamental issues, including energy usage, labor capital, and economic competitiveness.

Potential credit impact

Increased business risks linked to AI could result from disruptions to business models (a risk that increases with time) and the possibility that products or services will be displaced by AI or AI-driven entrants. Risks could also arise from unintended operational, financial, or reputational events stemming from malfunctioning AI systems, cost-overruns related to AI's development, the emergence of novel cyber security related vulnerabilities, or other deliberately malicious acts.

We could consider the negative impact of such risks on creditworthiness, even where their effects are unlikely to be severe in the next 12-24 months, so long as there is a high level of clarity and certainty about the materiality of the eventual impact on transmission channels. That could result from AI-related inactivity that reduces an entities' competitiveness (notably due to an AI-technology gap to rivals), or where AI projects are characterized by poor governance or weak data privacy, and are thus a threat to customer, public, or investor trust.

Positive credit implications due to AI will typically arise in sectors where we anticipate the technology will deliver stronger product or service differentiation, favorable shifts in competitiveness, and where we expect effective management can avoid technical pitfalls--including hallucinations (where AI generates incorrect information), exacerbated bias (where algorithms contribute to unfair discrimination), and risks associated with data privacy and cyber security.

AI: Autos (neutral)

Background:  We see upside to our base case from the evolution of new business models that enable new revenue streams, such as mobility-as-a-service (MaaS), data monetization from self-driving as well as smart, connected car services, and predictive maintenance for aftermarket sales (replacement parts). This significantly boosts revenue with more predictability and a larger addressable market.

Concurrently, AI related developments are also a near-term headwind to credit quality for some issuers due to large investments toward their self-driving initiatives (as is the case for GM and Tesla). Once these companies can demonstrate a business case through monetization, we expect it will evolve to a credit positive over time.

AI will also improve vehicle safety through advanced driver-assistance systems (ADAS) and help ensure compliance with safety regulations, reducing the risk of recalls and associated costs. For now, we believe these benefits are mostly offset by headline risks (related to negative publicity), consumer acceptance, and reputational damage. For example, there has been scrutiny of recent fatalities linked to automakers' self-driving programs.

Our expectations:  We view the impact of AI on the auto sector as credit neutral because the effects of AI adoption on customer demand are unclear.

AI-driven automation in manufacturing, logistics, and administrative processes reduces costs and improves profitability, but it has not been a material offset to other cost and investment headwinds for most issuers. We believe AI will eventually support higher revenue streams in predictive maintenance for auto dealers by reducing downtime, costs, and by predicting failures and optimizing maintenance schedules.

We also see rising potential for cash flow benefits due to better research and development (R&D) efficiency as AI accelerates these processes, reducing time and costs associated with bringing new technologies to market.

Lastly, ADAS improves meaningfully with more widespread consumer acceptance and usage, it could transform the business models of traditional automakers from hardware-centric to software-centric. This will imply higher revenue from software subscriptions and updates as data becomes more valuable, enabling automakers to monetize insights by partnering with cities, insurance companies, or mobility providers. Additionally, this modular approach and change in customers may yield entirely new business models altogether, which may add a variety of new players into the automotive ecosystem.

AI: Business and Technology Services (neutral)

Background:  We believe AI will have an uneven impact across a wide range of issuers, subsectors, and end markets. In the case of IT and data service providers or customer experience service providers, we expect a high impact from AI usage. In contrast, we do not expect much disruption from AI for human-driven service providers that mostly involve physical aspects (such as service providers manned security, facilities maintenance).

Our expectations:  Overall, we view AI as credit neutral for this sector, though potential effects vary by subsector.

We believe the advent of more AI-based solutions will be a modest credit positive for most large IT or data service providers (which comprise less than 20% of our rated sector coverage), leading to accelerated revenue growth due to higher demand and investment to enhance longer-term competitivity.

We expect clients will likely focus on improving employee productivity and enhancing customer service. Large IT service providers will act as system integrators and are well positioned to validate accuracy of output from large language models (LLMs), foundational models, and enterprise-grade models (with better traceability of data and logic to avoid hallucinations). We expect most Gen-AI related revenue from these mostly exploratory projects will remain a small portion of contracted revenue through 2025, with more upside thereafter.

Concurrently, for issuers with significant exposures to legacy IT infrastructure or data that is not readily digitizable, the outsourcing of AI services is an increasing risk given secular pressure from accelerating digital transformation efforts.

For customer experience service providers (less than 5% of our rated sector coverage), disruption risk stems from large language models that could replace human representatives in most interactions without compromising service quality. Negative credit impact could potentially be material for these issuers because they face rising pressure to adjust their business models and expand their service offerings as clients incrementally implement AI-driven solutions. Ratings downgrades will likely stem from an inability to develop marketable AI capabilities relative to competitors and new entrants, leading to competitive losses.

We anticipate there will be limits to AI capabilities and potential regulatory hurdles that will prevent a full replacement of traditional contact center work; however, we do expect AI will decrease human-based interaction volumes and lead to greater efficiency over time.

AI: Capital Goods (positive)

Background:  U.S. capital goods sector is experiencing some benefits from AI. Upfront investments in semiconductor manufacturing, data centers, and the associated energy are buoying industry revenues at a time when many subsegments destock, interest rates slow demand, and megaprojects face delays. Further, we believe the successful early movers in manufacturing could harness efficiency gains from AI capabilities that will eventually become prerequisites for new entrants.

At the same time, we expect the rollout of AI capabilities in manufacturing will be costly and operationally uneven, as some workers will need new skills and some companies will need new workers. Additionally, integrating AI systems into existing processes and information systems while preserving data security and privacy could be difficult and disruptive.

Our expectations:  Overall, we view AI as a modest credit positive for the U.S. capital goods sector. We believe that AI in manufacturing will eventually support efficiency and profitability by optimizing processes and improving quality and safety. We anticipate many companies in capital goods sector will provide equipment that will assist in the buildout of AI assets around the world.

We believe companies could improve labor efficiency and equipment utility from routinizing repetitive tasks, reducing waste and re-work, enabling predictive maintenance, and reducing downtime. Also, real-time monitoring and analysis could benefit customers through better product quality, new product innovation, sharper demand forecasting, and tighter inventory control.

AI: Health Care (positive)

Background:  The health care industry is facing many challenges, including increasing demand due to a number of factors, including: growing and aging population; unsustainable growth of health care costs; physician and nursing shortages; lack of interconnectivity and inability to leverage patient and medical data; an alarmingly high medical error rate; health inequality; the constant need for innovation in pharmaceuticals and medical devices; and the increasing complexity of navigating health care systems, especially in the U.S.

The health care industry has been utilizing AI tools for many years now, such as improving accuracy and efficiency in reading radiology scans. However, with the increased use of newer, broader-based tools such as GPT-4, we expect benefits to company cost structure. For example, acute-care hospitals--key components of the U.S. health care services sector--tend to be expensive and very labor-intensive, at a time when health care labor, due to shortages and employee burnout, is at a premium. AI tools can help offset some of these higher expenses by lowering certain administrative costs while also improving efficiencies for organizations and clinicians.

Our expectations:  We believe the impact of AI on the health care industry--an industry ripe for disruption given the continued unsustainable rise in health care spending around the world--will accelerate over the next several years.

Over time, health care service entities and clinicians are likely to incorporate AI with patient data, technology, and other tools to improve patient care and outcomes as well as reduce the incidence of medical errors. We also expect AI will help accelerate development times and success rates for pharmaceutical and medical device companies that are highly reliant on innovation.

Thus, we believe it is becoming critical that individual companies have the ability and willingness to invest and implement an AI strategy because we believe AI will create competitive advantages for players.

There are negative rating implications for smaller issuers that cannot leverage the benefits from AI as quickly and could therefore suffer a competitive disadvantage. However, for smaller companies that implement AI strategies effectively, AI can have a leveling effect, where smaller and more agile companies with superior algorithms could expand rapidly and outpace current industry leaders, particularly in low-margin, highly fragmented areas.

AI: Media and Entertainment (some risk)

Background:  AI is a tool that could have a transformative impact on the entire media and entertainment industry. This ranges across the entire media pipeline, from content creation to distribution and end-user discovery. A notable risk for the industry is that AI can be used to create new original content or to modify existing content.

The Hollywood actors' and writers' guild strikes in 2023 occurred in part over negotiations for the rules around using AI. For example, the writers' guild wanted the right to use AI tools but wanted to prevent the studios from using AI to replace human writers.

At the same time, AI will improve the business for digital media companies because these companies will use AI to create new and improved suite of tools for companies and consumers. AI is already in use by marketing service companies for greater productivity, film and TV studios for pre- and post-production work, and digital platforms for improved search functionality and improved advertising performance.

Our expectations:  We believe AI presents a growing risk to the media ecosystem if the legal system does not protect IP and provide a legal framework to either prevent the misuse of IP or allow for the owners of that IP to financially participate in its use.

The extent that AI could negatively affect media companies will depend on how strong the laws protecting IP are, in our view. More importantly, it will depend on how aggressive the IP owners are in legally enforcing those laws. We note that currently, content created by AI, without any human input, cannot be copy written in the U.S.--although the U.S. Copyright Office is conducting a study on the impact of Gen-AI on copyright and could recommend changes to the laws around IP projection.

AI: Metals and Mining (positive)

Background:  AI applications appear well-suited for mineral exploration and extraction. S&P Global Commodity Insights (SPCI) reports that companies are using AI to process the immense amounts of data created during prospecting and exploration activities, especially drilling campaigns, in order to get clues into where mineral deposits may be deep underground. The mining industry spends constantly to explore for new deposits, which usually occur in remote locations with difficult topographies.

Long-term demand for most metals is good, but large, economically-viable deposits are rare. For example, copper is mined in only about 40 countries around the world, and nickel in about 25. SPCI recently highlighted an average lead time of 16.3 years for the 136 mines that started production between 2002 and 2023. For downstream metals production, like steel and aluminum, AI applications are probably less compelling, providing some potential for manufacturing efficiencies like in many industries.

Our expectations:  SPCI estimates global mining exploration budgets in 2023 was $12.76 billion, which accounted for about 1% of mining industry revenue from the 86 mining companies rated by S&P Global Ratings. Mineral deposits are almost always hidden from plain sight in complex geologies, necessitating cost-intensive physical data gathering and predictive analysis to validate inferences from theoretical models.

Mineral exploration relies on advanced technologies like aerial surveys with ground-penetrating radar to generate large data samples, and often build upon decades of previous exploration findings. Defining an economically-viable ore body and developing a plan for capital spending and output requires assessing millions of data points from thousands of drill holes. Additionally, the commodity purity of the end product belies the complexity of production; most of the ore extracted is waste, with a range of valuable metal byproducts and contaminants that need specialized processing or treatment.

AI applications could assist in real-time decision-making as the makeup of an ore body is confirmed with extraction. All the surveying, mapping, and sampling are combined with cost and price assumptions to develop a mine feasibility study. These studies face years of scrutiny from regulators, communities, and investors, and lay out decades of mining plans based on those estimates.

AI: Oil and Gas (positive)

Background:  With natural gas accounting for 43% of U.S. electricity generation in the U.S. in 2023, trends in the power market can greatly affect natural gas demand and prices. After experiencing 0% growth over the last 10 years thanks to energy efficiency and reduced power usage, we believe power demand in the U.S. is about to undergo a generational growth phase. This growth in demand is being turbocharged by the growth in energy intensive data centers and AI.

The growth in data centers across the U.S. is spurring utilities to ramp up their plans for adding new sources of power generation, including a slew of gas-fired plants. What this ultimately means for natural gas demand is difficult to quantify, with many market participants believing a significant portion of the power demand growth could be met through renewables. However, what is certain is that natural gas will have some level of influence in meeting this surge in power demand, which will be supportive of gas prices and thus credit quality.

Our expectations:  Several market reports estimate the compound annual growth rate (CAGR) of U.S. power demand will accelerate to an average of 2.6% by the end of the decade, with AI data centers driving close to half of this increase. By 2035, SPCI believes that AI data centers will account for approximately 8.5% of overall U.S. power demand compared to 3% in 2022.

We believe the growth in power demand will largely be met through a combination of natural gas and renewable energy. However, there are so many unknown variables, that it is difficult to predict exactly how much of the energy growth pie will be allocated between these sources. Renewables still require advances in storage and meaningful build out of the U.S. electric distribution system and grid. Natural gas could potentially need additional gas pipelines because many pipelines are currently at or near full utilization.

We believe natural gas will meet a meaningful portion of the demand growth by the end of the decade because there is sufficient natural gas fired capacity to meet forecasts of electricity demand growth. Estimates for gas demand related to data centers vary widely, from 3 billion cubic feet per day (Bcf/d) to more than 12 Bcf/d, which currently represents 4% to 11%+ of current gas demand in the U.S., respectively.

Moreover, a disproportionate share of data center build out is occurring in the Southeast and Northern Virginia where gas-fired power generation is the leading supply source. After 2030, the natural gas story becomes murkier as its share of the power fuel source lexicon could diminish as wind and solar begin to take a greater percentage of the pie.

AI: Technology (positive)

Background:  Large cloud service providers (CSPs) are leading the AI investment cycle by focusing on AI training, which involves analyzing raw data in large language models to detect patterns. Inferencing, where trained models use live data to make predictions and conduct real-world tasks, will gradually move beyond CSPs and be adopted by enterprises and sovereigns, transforming it into a much larger market than the current training-focused iteration.

AI investment growth has proven slower among the wider business community than among CSPs, reflecting enterprises' strategizing over competing AI priorities. Most of the AI projects being evaluated by business are focused on automating repetitive tasks, improving employee productivity, and gaining insights from data analysis, through which they expect to generate significant cost savings.

Semiconductor makers have been the early winners, though the hardware sector, which provides infrastructure for AI's massive data flows, is also benefiting.

Software vendors need to convince enterprise customers of the value of the differentiated data sets underpinning their AI technology and demonstrate an ability to translate that data into value-enhancing output. IT service providers will also benefit as IT consultants and system integrators that help businesses adopt AI and execute their business strategies. We believe the software and services sectors will take another year or two longer to generate meaningful AI revenues because they must create use cases that customers find beneficial.

Our expectations:  We believe AI will prove a massive growth opportunity for the technology sector. We expect the market for AI, including traditional AI (such as machine learning) and generative AI will expand from less than $200 billion in 2023 to nearly $650 billion by 2028 and will account for nearly 15% of total global IT spending. We further believe spending on IT as a percentage of global GDP will increase meaningfully over the next decade.

Starting about 2025, we expect investment will shift significantly toward accelerating capabilities for AI at the edge (where data will be captured and analyzed on local devices) and will thus expand AI's adoption in various end markets, requiring increased security and lower latency. Enterprises involved in this edge transition will continue to rely on CSP's established training and inferencing capabilities, typically building bespoke AI systems on their foundational models.

We anticipate many AI business applications will be developed by a few companies, used by many, to achieve their intended productivity gains. The next stage of widespread AI adoption would likely involve more specialized AI use cases, notably as smaller companies make industry-specific tools and applications built on models developed by the larger CSPs. Smaller companies that do not integrate AI into their projects during this period will likely face challenges to remain competitive.

We expect the tech sector will benefit from a better secular growth prospect and result in improved rating trajectories for many of the rated tech issuers that can most leverage the emerging AI trend.

However, it will take time to transition from the investment stage to cash flow generations. For example, previous technology transitions, including the shift to cloud computing and software-as-a-service (SaaS), did not lead to immediate improvement in credit worthiness.

We believe sustainability of new AI product offerings or capabilities will be key to creating competitive advantages, rather than simply using AI to gain temporary margin improvements. We also expect some tech companies will be challenged by AI-related disruption and competitive weakness if they fail to successfully launch AI products or adopt AI capabilities in a timely manner.

AI: Telecom and Cable (positive)

Background:  Training and using AI models requires large amounts of data, which is increasing demand for networking services and data center connectivity. Telecom companies, particularly those that own and operate telecom infrastructure such as data centers and fiber networks, provide the backbone infrastructure that links AI applications directly to companies and consumers.

Data centers house the computer servers that will run the AI applications, and fiber companies provide the dark fiber and fiber networks that carry the data traffic between the hyperscaler data centers, large tech companies, and their customers. The terrestrial broadband operators--the telecom and cable companies that have connections directly into homes--will also modestly benefit from AI because increased data traffic into and out of the home will require consumers to upgrade their broadband services to faster data speeds and greater capacity.

Further, we expect some AI applications will require low latency which may benefit the wireless companies who have deployed advanced 5G wireless networks. In addition, the telecom industry will likely benefit from the application of AI to their own businesses. We expect improvements in customer services and employee productivity to modestly lower operating costs and improve profitability, though these savings may ultimately be passed onto customers through lower prices.

Our expectations:  The U.S. telecommunications sector will benefit longer term from the explosive growth in AI. In the short term, AI will likely requirement an increase in capital investments, especially for older data centers that need to modernize facilities to handle power-intensive AI applications, which could limit credit improvement.

AI: Unregulated Power (positive)

Background:  A surge in power demand and a simultaneous decline in supply due to decarbonizing efforts has led to an increase in the number of independent power producers in 2024. SPCI estimates that by 2035, the contiguous U.S. 48 states' incremental on-grid demand from large loads (such as datacenters) will be about 250 terawatt hours (TWh). This uptick stems from three specific factors: large loads (including datacenters for AI), heating electrification, and green hydrogen production. (For perspective, 250 TWh is equivalent to California's 2023 annual demand.)

The 2024 annual load growth reports show that the annualized growth rate expectations through 2030 in the PJM Interconnection (South) (7.4%), ERCOT (2.9%), and the Southwest Power Pool (3.0%) are the strongest. Growth rates in these regions have been updated from 5.3%, 2.3% and 2.1%, respectively, as recently as the first quarter of 2024.

Our expectations:  Market consultants believe this demand could increase at a 15% compound annual growth rate over 2023-2030, with over 400 TWh tied to large industrial loads, up from about 150 TWh (or about 9.5% of the current 4,200 TWh of U.S. power demand). This represents about 30 gigawatts (GW) of incremental load from data centers alone.

Most of this data center demand comes from the large hyperscalers, and the workload associated with generative AI is a big contributor. Power comprises typically 15%-20% of a data center's compute costs, mostly because of:

• Computing density and performance-intensive technology infrastructure;
• Higher power rack density; and
• Liquid cooling instead of air cooling.

Large language models require a lot of power for computation. If a data center reconfigures for AI use (instead of traditional storage such as email archive and health care records), its power need could rise by 20x.

Recognizing the demand surge, power prices in almost all markets are higher compared to the start to 2023 (and the start of 2024) despite natural gas holding steady. This suggests a material increase in market heat rates. Prices at the PJM Interconnection capacity auctions increased 9x compared to prices set in the previous auction 18 months ago.

Given the increase in power price and demand, our view of the sector has improved. We note that 25% of rated issuers in the sector have positive outlooks. The number of negative outlooks has improved, comprising only 6% of issuers at year-end 2023 compared to 15% at year-end 2021, and 24% in December 2020.

AI: Utilities (positive)

Background:  Overall, we anticipate that the growth of data centers will increase the industry's electricity sales by about 1% annually. This is transformative and contrasts to the industry's flat to negative electricity sales growth over the prior two decades because of conservation. Overall, electricity sales growth will allow the industry to spread its fixed costs over a wider base, which we view as supportive of credit quality.

However, we also expect that the data center expansion will further increase the industry's annual robust capital spending by about 10%-15%, potentially increasing the industry's leverage and pressuring financial measures. Currently, more than 20% of the utility industry has a negative outlook and about one-third of the industry is actively managing its financial measures with only minimal financial cushion from its downgrade threshold. As such, for the industry to maintain credit quality it will need to finance this rising capital spending in a credit supportive manner.

Our expectations:  We assess the rise of AI and the growth of data centers as modestly positive for North America's regulated utility industry's credit quality. We expect that the industry will structure contracts with the data centers such that they don't negatively impact the customer bill for existing customers. Accordingly, we believe the sector will likely benefit from this long-term trend. The sector has essentially not experienced any sales growth over the past two decades and a 1% electricity sales growth over the longer term is transformative. However, we remain concerned that the increased capital spending and cash flow deficits necessary to support this growth may not be funded sufficiently in a credit supportive manner that could pressure credit quality.

Cyberattacks

Why it matters

The level of cyber risk continues to increase year over year, with the impact of the risk borne by affected entities and their customers. We view cyber risk as the risk of a compromise to the confidentiality, integrity, or availability of an entity's information assets. This could be in the form of a data breach or service interruption. We define information assets as any software, data, or information technology hardware that contribute to the entity's activities and operations. Information assets can be owned by the entity or provided by a third-party.

Among other factors, cyber risk is influenced by the types of data processed, with organizations that process sensitive personal and financial data facing higher levels of risk. Since levels of cyber risk continue to increase, we believe organizations face an increasing burden to take measures to mitigate the impact of a potential incident. Organizations that invest time and money into improving their cybersecurity can reduce the probability of an incident or of having materially negative consequences if an attack occurs. We view cybersecurity as the actions an entity takes to measure or reduce its cyber risk.

Transmission channels

A cyberattack could impact a company's reputation, potentially leading to a loss of customer confidence and business opportunities. This could directly impact revenue.

Additionally, a successful cyberattack could affect operating costs as the company recovers, including investments to upgrade assets. Depending on the length and extent of a cyberattack, business disruption could also affect a company's financials.

Potential credit impact

Corporate sectors that we view as having more risk include those with extensive use of payment processing systems and personal financial data (such as retail and restaurants), valuable IP (pharmaceuticals), sensitive personal data (health care), and infrastructure and control system attacks (telecoms, technology, utilities).

In our view, industries with less risk of cyberattacks tend to have comparatively lower value-added, commoditized products, or IP-related risk, and generally limited reliance on high-end technology and lower public network touchpoints. Real estate, chemicals, and metals and mining are examples of such sectors.

Though we view a sector as more or less at risk of a cyberattack, the likelihood of a rating impact would also depend on the severity of the cyberattack, as well as the effectiveness of management's mitigating actions and recovery plans.

Cyber: Aerospace and Defense (some risk)

Background:  Aerospace and defense companies face growing sensitivity to potential cyberattacks, owing mainly to the highly confidential nature of proprietary technology and information related to national security concerns. The threat has increased in recent years, due in part to the Ukraine conflict, and is unlikely to ease amid current and emerging conflicts in the Middle East.

Our expectations:  So far, data security breaches have been isolated events and not material to credit profiles across the industry. However, we believe unauthorized access to systems and networks (including the connectivity of products sold) could pose a threat to the future operations of certain issuers.

At the same time, costs notably related to technology solutions and infrastructure, third-party testing, and adherence to increased regulatory and compliance requirements aimed at protecting data have been rising. Defense companies working with the U.S. government must adhere to contracting regulations that impose specific procurement and stringent cybersecurity regulations.

On the other hand, while not a significant share of operations, certain issuers are engaged in the sale of defensive cybersecurity products. For these issuers, we expect these sales will mitigate the costs associated with data security that we assume will increase in order to limit future cyberattack exposure. Consideration for a higher level of risk exposure would likely follow future material cyber security breaches that we currently do not envision.

Cyber: Agribusiness (some risk)

Background:

Although on-farm production is not highly exposed to cyber risk, the agricultural supply chain can be. According to the World Trade Organization, agriculture and food make up 17% of global trade. Therefore, cyberattacks on systems infrastructure can disrupt trade flows and put food security at risk. In addition to the threat of supply chain disruption, operators of commodity processing facilities periodically face manufacturing disruptions from cyberattacks, which can be costly to mitigate.

Our expectations:

Historically, cyberattacks have been limited to isolated incidents targeting individual processing facilities, such as beef packing facilities and other commodity processing operations. Past attacks have not affected companies' more data sensitive enterprise-wide systems but have penetrated local operations. This is likely because of weaker cyber security at those locations.

As such, past cyberattacks have not been financially material, but have nonetheless put operations at risk. we believe periodic cyberattacks on processing facilities will continue, particularly for local operators because much of that segment of the broader industry is fragmented across various regional operators that have fewer resources to invest in systems security.

Attacks to more systemically important logistics operations are less likely but would be much more material; this is because the majority of trade flows are concentrated across a handful of global agricultural commodity traders. Moreover, timely and cost-efficient distribution of agricultural commodities is a low margin business that requires diligent logistics management across a global supply chain that spans maritime, rail, and road infrastructure, which is highly reliant on systems security. Any attack to a globally integrated supply chain operation could be material.

However, we believe such events are less likely compared to attacks on local processors because global grain traders that dominate the industry continue to invest heavily in systems security as a core competency. Nonetheless, the inherently thin margins of commodity processing and merchandising could quickly erode margins if systems were to be compromised by a cyber event.

Cyber: Autos (some risk)

Background:  As vehicles embed more software and data, we see rising risks related to the compromise of confidentiality and integrity around connected technologies, firmware updates, and telematics. Automobiles for customers and fleet managers have high-end technology with rising public network touchpoints because modern vehicles are equipped with numerous connected systems, including infotainment, navigation, and telematics.

These systems, if not properly secured, can be hacked to gain control over vehicle functions, potentially leading to dangerous situations such as remote control of brakes or steering. Vehicles rely heavily on software and firmware for operation. Vulnerabilities in these components can be exploited to inject malicious code, disrupt vehicle operations, or access sensitive data.

The auto industry relies on a complex supply chain, including numerous third-party vendors for hardware and software components. Compromising any part of this supply chain can introduce vulnerabilities into the final product, allowing attackers to exploit these weak points to gain access to vehicle systems.

Vehicles collect vast amounts of data, including location, usage patterns, and personal information of drivers and passengers. In addition, auto dealers also have considerable personal data mostly through their dealer management software stacks. Protecting this data from breaches and ensuring compliance with privacy regulations like General Data Protection Regulation (GDPR) is a significant challenge. Data breaches can lead to identity theft, financial loss, and erosion of consumer trust. In addition to reputational damage, automakers may also face fines under GDPR and other cybersecurity regulations.

Our expectations:  As automakers and their auto dealers secure more access to sensitive personal data, this sector could transition to a higher risk category over time. Also, automakers, auto dealers, and collision repair providers face the risk of cyberattacks on large dealership management systems. For example, there was major sales disruption from a cyberattack on data management services provider CDK Global in June 2024.

Addressing all these risks requires a comprehensive approach that includes secure design practices, regular software updates, rigorous testing, and collaboration across the industry to establish and adhere to cybersecurity standards.

Cyber: Business and Technology Services (some risk)

Background:  Cyber risk remains an important credit factor for data, software and technology service providers (which comprise roughly 25% of our rated coverage) because the severity and frequency of hacks adds vulnerabilities while providing opportunities for cyber-security providers. For the rest of the sector (75% of rated coverage), cyber risk is less relevant because most business services (including facility maintenance, environmental, and distribution services) have limited exposure to data breaches or technology-related disruptions.

Though not a material driver of credit rating actions to date, we note the rising nature of the threat of cyberattacks in terms of frequency and monetary impact. Material cyber incidents in this sector have affected issuers such as CDK Global Inc., Sitel Group SA, UKG Inc., Equifax, Rackspace Technology Global Inc., and ISS A/S, which process large amounts of data or provide critical technology services. So far, credit impact has been limited because of swift remediation efforts and access to cyber insurance in most cases.  

Our expectations:  We believe financial data providers like MSCI and Fair Isaac Corp. (FICO), cross-border remittance providers such as TransNetwork LLC, and payroll processors like ADP will incur higher IT security spending, cyber premiums, and compliance and legal costs to protect against customer churn and reputational damage. 

Conversely, we view the evolution of cyber-related developments to be a modest credit positive for issuers like Escape Velocity Holdings Inc. (Trace3), World Wide Technology Holding Co. LLC, UST Holdings Ltd., Optiv Inc., Jacobs Solutions Inc., and Rackspace due to strong demand for cyber security technology software or consulting services providers.

Cyber: Capital Goods (some risk)

Background:  Cyberattacks have not inflicted severe credit damage on any issuers in U.S. capital goods sector yet. Software and connectivity are increasingly important in industrial equipment. More companies are offering products with integrated data components, often with subscription revenue, which tend to improve margins and revenue stickiness.

U.S. capital goods companies have reported fewer than 10 cyber incidents over the past two years, and we believe the impact on sales and credit metrics was limited in each case.

Our expectations:  Despite the lack of high-impact financial losses in the industry to date, companies increasing their data connections with customers face growing risks from technological incursions. So far, we believe these incidents have been more targeted toward holding companies for ransom, rather than intellectual property theft, which is likely a growing issue with more connected hardware.

Cyber: Consumer Products (some risk)

Background:  Cyberattacks primarily targeted at manufacturing facilities periodically occur for consumer product manufacturers. Customer data breeches can also impact the industry. In 2023, Clorox Co. was the target of a cyberattack that caused operational disruptions. The resulting temporary stock-outs and some lost distribution was material to credit, and we revised our outlook on the company to negative.

Our expectations:  We expect isolated cyberattacks to periodically disrupt consumer goods manufacturing. Such incidents can be material for certain issuers depending on their degree of manufacturing concentration but would not typically impact the industry more broadly. We also believe consumer products companies are at risk because they typically collect sensitive personal data of their customers from direct-to-consumer sales (or when they have an arrangement with retailers that gives them access). Furthermore, large multinationals with brand reputational risk make this sector attractive to cyber criminals.

Cyber: Health Care (more risk)

Background:  Cyberattacks are a growing risk to the operations of health care providers, pharmaceutical companies, and medical device manufacturers. The health care industry is roughly 17% of U.S. GDP and is one of the sectors most attacked by cyber criminals. The industry's sensitive personal and financial data, increasing connectivity of systems and data, and the ability to disrupt operations that have potential life-and-death implications makes it a target for cyberattacks.

Health care providers must also comply with the Health Insurance Portability and Accountability Act (HIPAA), and regulators provide related cybersecurity guidelines specifically geared toward protecting Personally Identifiable Information (PII). Litigation associated with HIPAA violations and other breaches of sensitive personal data can lead to significant financial and criminal penalties.

The increasing drive toward value-based care and growing use of AI will accelerate the reliance on interconnectivity and concentration of health care data.

Our expectations:  A successful cyberattack could have both immediate and long-term effects on a company's credit quality, with implications for operational disruption; this could lead to financial underperformance and have a direct impact on liquidity. While there are implications across the industry, including medical device and pharmaceutical sectors, we believe the much larger, more interconnected health care services sector is most vulnerable.

Disruptions could lead to a dangerous reduction in treatment capacity and increase procedure delays; additionally, the sensitive and personal nature of health care data could also lead to reputational, regulatory, or litigation damages and result in an erosion of competitive position. Companies at the lower end of the spectrum, which are a majority of health services providers, may also have less fully developed cyber risk management capabilities.

For example, the ransomware cyberattack on Change Healthcare earlier this year--while it ultimately had limited impact on operations and financials for health care service companies for our rated companies--highlights the vulnerability of disruption to the functioning of the U.S. health care system. Change Healthcare provides electronic prescribing, claim submission, and payment processing. Owned by UnitedHealth Group, Change Healthcare processes roughly 15 billion transactions annually and handles an estimated half of all medical claims in the U.S.

The ransomware attack resulted in claim approval and payment delays, resulting in missed revenue opportunities, procedure scheduling delays, and operating cash flow impacts. For patients, it resulted in delayed prescriptions and procedures, and led to significant fears on data privacy. Only through a temporary funding assistance program set up by UnitedHealth and providers using alternative workarounds and legacy vendor systems did the company avoid more serious adverse impacts.

Still, the disruption in payments due to the Change Healthcare cyberattack resulted in the default of hospital and outpatient service provider, Quincy Health LLC, due to missing an interest payment because of a constrained liquidity situation that was exacerbated by a disruption in payments.

Cyber: Hotels, Gaming, and Leisure (some risk)

Background:  Cyber risks to and concerns about customer data are increasingly relevant across many leisure sectors given increasing data privacy regulations and the volume of customer and payment data that operators collect and sometimes store in their loyalty program databases. Cyberattacks, including data breaches, can result in regulatory actions or fines, brand or reputational risk, lawsuits, or business disruption.

Although the sector has not faced negative rating actions to date, an increase in the frequency and severity of events could lead to financial and reputational harm. Cyber insurance has somewhat mitigated the financial impacts of recent attacks but as the number of these events increases over time, it may become increasingly expensive for companies to insure themselves against these types of events, increasing potential financial burdens in the event of attacks. Companies also face reputation damage as a result of cyber events, which is more difficult to quantify.

Last year, two large gaming operators, MGM Resorts International and Caesars Entertainment Inc, both experienced cyberattacks and faced potential reputational harm as a result. Unlike Caesars, MGM also experienced significant operational disruption for an extended period, resulting in a notable third-quarter financial impact. Both companies carried cyber insurance, which offset some of the financial fallout.

Our expectations:  In our view, the most significant risk is an increase in the frequency of cyberattacks at an issuer, reducing consumers' confidence that their personal information is being adequately protected.

Gaming in North America is predominantly conducted in person and using cash. Over time, we believe it is likely that gaming regulators could approve more cashless technology and states could allow online gaming. In our view, these changes will increase cyber risk in the gaming industry. Gaming operators may need to allocate additional resources to enterprise risk management and cybersecurity defenses to meet jurisdictional regulations, ensure the integrity of games, and protect customers' financial information and accounts.

Cyber: Media and Entertainment (some risk)

Background:  The global media and entertainment industry is exposed to cyberattacks as consumers make, purchase, and access content online. Content is overwhelmingly delivered digitally through video streaming services (for film and episodic content) and music streaming services (such as Spotify), which makes it vulnerable to digital theft.

Our expectations:  Piracy of physical media (CDs, vinyl, etc.) has always been an issue, especially in countries without strong legal IP protections, though it's generally been a loss of revenues for the media companies and not an attack on consumer privacy.

We believe theft of digital content will be similar; it will likely lead to a loss of revenues. Still, as media companies shift to direct-to-consumer distribution, the risk of hacking and loss of consumer data--which could result in regulatory fines and lawsuits--will increase.

Cyber: Oil and Gas (some risk)

Background:  We believe the oil and gas sector will remain a target for cyberattacks. This could disrupt critical infrastructure. As the oil and gas industry becomes increasingly digitized, it remains open to cybersecurity risks, which are a factor in our analysis.

Throughout the value chain for oil and gas, each segment is exposed to cyberattacks in different ways. Companies operating in the upstream segment who are drilling in remote, challenging, and diverse geographic locations, often find it difficult to monitor, track, and secure their operations, increasing their exposure to cyberattacks. Downstream refiners, many of which have refineries that were built years ago--have systems or equipment that can't support cybersecurity systems to thwart potential attacks.

For instance, in the spring of 2022 in what has been called one of the largest cyberattacks in history, a hacker caused severe disruption to the European Oil Refining Ports and Storage Facilities, affecting the entire Amsterdam-Rotterdam-Antwerp region. The attack shut down numerous ports, resulting in supply disruptions worldwide, with billions of Euros lost in the process.

In the midstream segment, hackers can cause massive disruption to operations and transportation through an attack. For example, at Colonial Pipeline in 2021 a ransomware attack resulted in the company shutting down all its pipelines for six days, causing gasoline prices to soar; in some states it resulted in many consumers along the eastern seaboard scrambling to find gasoline. Furthermore, the company paid $4.4 million to the hacker group.

Our expectations:  An attack could have rating implications if business interruption combines with a material balance sheet event. This could include diminished liquidity due to a ransom payment or regulatory fines, or significant asset impairments including long-lived assets affected by corrupted hardware or software, patents, and other customer-related intangible assets.

However, we believe the risk of rating actions is low; to date, the financial and operational risk to oil and gas companies has been relatively muted and has not resulted in rating changes.

Cyber: Retail and Restaurants (more risk)

Background:  Retailers hold vast troves of their customers' sensitive personally identifiable information, including financial data such as credit card numbers and demographic marketing data. The sector is therefore attractive to hackers for the information itself or for potential ransom that a retailer may be willing to pay to protect its data and reputation.

An early cyberattack of scale occurred in 2013 when Target Corp. was the victim of attackers who infiltrated the company's networks and gained access to personal information of 70 million customers. Target announced in 2015 that the attack had cost it $167 million in expenses plus about $150 million to settle lawsuits. Although the financial impact did not rise to a level material to the rating, it was a wake-up call for the industry to put in place stronger defenses.

More recent attacks have had less of a financial impact on companies. For instance, in August 2024 Dicks Sporting Goods Inc. reported that sensitive data had been exposed due to a cyberattack. The company implemented its cyber-response plan and said that the attack was not material and did not disrupt operations.

Our expectations:  Retailers continue to invest in cyber security, and to date such breaches have not had a credit impact. However, we still view this industry as highly vulnerable to cyberattacks due to the extensive use of payment processing systems and personal financial data.

As customer engagement, including effective loyalty programs, and transactions become increasingly digital, the cost to protect customer information will grow. Additionally, sophisticated marketing tools rely on rich customer data to be effective. Consumers' confidence in a retailer's ability to keep information secure affects how much they are willing to share.

Cyber: Technology (some risk)

Background:  As data continues to grow exponentially and an increasing amount of data either resides or passes through a more complex data processing environment with a mix of public cloud, on-premise data centers, or edge devices, it exacerbates cybersecurity risks for the tech sector.

Some high-profile cybersecurity breaches have led to temporary impacts on company profitability due to higher costs allocated to IT security spending and legal fees. For example, in December 2020, SolarWinds Holdings Inc., an IT management software provider, was made aware of a cyberattack that inserted a vulnerability into its Orion monitoring products, which could allow an attacker to compromise the server on which Orion products run. (The company estimated that fewer than 18,000 out of 300,000 total customers installed the version of Orion that contains the vulnerability.)

Although the cyber breach only had a modest impact on the company's financial performance, the fallout involved significant remedial actions with its commercial and government customers, incremental IT security spend and legal fees, and took the management team's attention away from growing its business.

Additionally, despite having the most advanced security systems in place, cyber breaches can still occur because of human error. Nevertheless, technology vendors could still be exposed to reputational harm and customer losses for their perceived inability to adequately manage sensitive information for customers.

Our expectations:  Because technology solutions are typically used in managing critical infrastructure and the processing and storing of sensitive data, they are also the most frequent target for cybersecurity vulnerabilities.

However, tech companies are taking steps to mitigate the heightened cybersecurity risks in the sector. For example, they place increasing emphasis on providing products and services with high cybersecurity standards and are accompanied with continuous security updates to meet the evolving industry needs.

Cyber: Telecom and Cable (more risk)

Background:  The U.S. telecommunications sector is the primary link for consumers to access the internet and is therefore exposed to elevated cyber threats. This is particularly true given the number of access points into these networks, any of which could allow illicit network access. Recent high profile cyberattacks against T-Mobile, AT&T, and Comcast, have resulted in data breaches in which consumer data was stolen.

Our expectations:  We view cyber breaches as an ongoing risk and one that the telecom companies aren't likely able to completely mitigate. However, so far these breaches have not resulted in a material financial impact to their businesses. For example, there has not been an increase in consumer churn. Also, while companies have paid regulatory fines, offered identity protection to affected consumers, increased incremental capital expenditure (capex) to improve security, or had to settle investor and consumer lawsuits, none of these actions have materially affected financial metrics or ratings.

Cyber: Transportation Cyclical (some risk)

Background:  Data privacy and cybersecurity have received heightened legislative and regulatory focus in the corporate transportation sector (which excludes infrastructure). Airlines are particularly exposed to cyberattacks relative to other transportation subsectors due to their increasing reliance on technology and automated systems to operate.

Computerized airline reservation systems, electronic tickets, electronic airport kiosks, demand prediction software, and flight operations systems are now commonplace, and will increase in importance as passenger traffic continues to grow globally. Certain airlines have faced disruptions to their information technology (IT) systems in recent years that had a material financial impact from multiday flight delays. While the events were not linked to cyberattacks, it highlights how integral IT systems are to their operations.

In addition, airlines collect, process, store and transmit sensitive data to commercial partners, including personal customer information such as credit cards and business partner information. A material data breach from a cybersecurity incident could materially harm its business not only from higher security and remediation-related costs but also from reputational damage, particularly when considering highly competitive airline market conditions.

Our expectations:  The credit risk implications of cyberattacks to this point have been muted, but we believe airlines could face higher future exposure relative to other transportation subsectors. In our view, this reflects the increasing reliance on technology and automated systems by airlines to operate.

At the same time, noncyber-related systems outages have affected certain airlines over the past two years but led to increased company investment and oversight. In our view, increasingly robust systems will likely limit the probability of cyberattacks, and we have no material concerns across the broader transportation sector. We also believe that any potential financial impact would be modest, and inconsistent with a higher risk classification.

Cyber: Unregulated power (some risk)

Background:  Critical infrastructure assets such as nuclear units are very visible to the public and could be at a higher risk for a cyberattack. Given the headline risk, the industry continually invests and implements the latest cybersecurity measures to avoid being exposed to a cybersecurity breach.

Our expectations:  We assess cyber risks as somewhat negative for North America's unregulated power industry. A cyber breach could raise regulatory scrutiny and potentially higher cost for the entire nuclear fleet. Additionally, we note that several power stations are situated at logistically sensitive locations.

Cyber: Utilities (some risk)

Background:  Like the unregulated power sector, North America's regulated utility industry has critical infrastructure assets that are at a higher risk for a cyberattack. Accordingly, the industry must continuously invest and implement the latest cybersecurity measures to avoid being exposed to a cybersecurity breech. Such a breech could disclose sensitive customer data or impact a utility's operations.

Our expectations:  While cybersecurity breeches against infrastructure assets have been relatively low, we believe the threat of cyberattacks remain high. The 2024 cybersecurity breach against American Water underscores the sector's ongoing cybersecurity risks. Despite the sector's exposure to cyberattacks, it has heavily invested in cyber security to significantly limit this risk. We believe the sector's ongoing vigilance in this area is critical to maintaining credit quality.

Blockchain And Digital Assets

Why it matters

Some of the entities we rate are using blockchain technology to address credit risks and operational challenges. Blockchains provide decentralized network solutions and information ownership and security tools that can help to mitigate some of the risks from AI adoption and cyber vulnerabilities.

Transmission channels

Blockchain technology may affect credit ratings through shifting competitive dynamics, creating operational and cost efficiencies, and addressing security risks. Competitive landscapes may be disrupted where decentralized platforms can disintermediate some activities, and where incumbents that materialize benefits from blockchain technology gain an advantage over competitors.

Potential credit impact

The adoption of blockchain technology is still in its early days, and its effect on credit ratings will not be immediate. Therefore, we currently view blockchain and digital assets as neutral to credit risk across corporate sectors.

In our view, the most visible impact will be in offsetting some of the risks related to AI and cyber described in earlier sections of this report. Specifically, we believe health care and media and entertainment sectors could eventually benefit from blockchain as a way to mitigate potential AI and cyber risk.

Blockchain and Digital Assets: Health Care

Blockchain technology may help to reduce cyber risk in the sector by securing medical records and supporting drug traceability, for example. We identify the health care sector as particularly exposed to cyber risk, which will be amplified by the growth of AI.

Blockchain and Digital Assets: Media and Entertainment

Tokenization can protect intellectual property rights and therefore mitigate potential risks from AI for this sector. Tokenization can also enable decentralized content distribution. These use cases are nascent but their development alongside the growth of AI could affect competitive dynamics positively or negatively depending on the nature of the business. For example, we expect changes in competitive dynamics would be favorable for content creators but negative for distributors.

Blockchain and Digital Assets: Unregulated Power and Regulated Utilities

Bitcoin is a major energy consumer, and mining has shifted significantly toward the U.S. over the last three years. Mining may compete for scarce energy resources in some locations and amplify demand, which is already elevated by AI. There is also a trend toward the colocation of Bitcoin mining activities with renewable energy sources to provide an energy demand load-balancing mechanism while improving the economics of renewable energy projects.

Blockchain and Digital Assets: Technology

We do not currently rate any specialized bitcoin mining companies. Our views on key challenges facing these companies are covered in "Can Bitcoin Mining Outlive Block Subsidies?", published May 1, 2024. However, operators of high-performance computing data centers are exploring bitcoin mining, both as a revenue diversifier and potentially to allow access to lower-cost energy sources.

Related Research

• Evolving Risks In North American Corporate Ratings: An Overview, Oct. 29, 2024
• Evolving Risks In North American Corporate Ratings: Climate Change, Oct. 29, 2024
• Evolving Risks In North American Corporate Ratings: Supply Chain Disruption, Oct. 29, 2024
• Data Centers: Computing Risks And Opportunities For U.S. Real Estate, Oct. 22, 2024
• AI And Crypto Will Shape The Future Of The Internet, Oct. 1, 2024
• Global Business And Tech Services Outlook: Unveiling Risk And Resilience Across Subsectors, July 31, 2024
• The AI Gold Rush Will Use Telecom's Picks And Shovels, July 30, 2024
• Credit FAQ: Inflation, China, And EV Transition Risks Casts Long Shadow On North American Auto Suppliers, July 22, 2024
• Credit FAQ: AI Bots Are Here, So How Will Customer Experience Outsourcers Cope?, July 17, 2024
• AI In Healthcare: A Path To Long-Term Immunity?, June 25, 2024
• Evolving Risks For Credit Quality In U.S. Capital Goods, June 18, 2024
• Credit FAQ: U.S. Digital Publishers Have Cause For Concern Over Google's AI Overviews, May 23, 2024
• White Paper: Assessing How Megatrends May Influence Credit Ratings, April 18, 2024
• AI Will Gradually Reshape U.S. Tech Companies' Credit Quality, April 8, 2024
• U.S. Inflation Reduction Act Highlights Diverging Approaches With Europe, March 1, 2023
• Cyber Risk in Health Care: High Stakes, Valuable Data, and Increasing Connectivity Attract Bad Actors, Dec. 6, 2022

Appendix

Table 1

Author Directory
Sector Coverage	Contributor
Aerospace & Defense, Transportation Cyclical	Jarrett Bilous
Autos, Business and Technology Services	Nishit K Madlani
Capital Goods, Metals and Mining	Donald Marleau, CFA
Chemicals	Paul J Kurias
Consumer Products	Chris Johnson, CFA
Health care	Arthur C Wong
Hotels, Gaming and Leisure	Emile J Courtney, CFA
Hotels, Gaming and Leisure	Melissa A Long
Media and Entertainment, Telecommunications and Cable	Naveen Sarma
Oil and Gas	Thomas A Watters
REITs, Homebuilders and Building Materials	Ana Lai, CFA
Retail and Restaurants	Sarah E Wyeth
Technology	David T Tsui, CFA, CPA
Unregulated Power	Aneesh Prabhu, CFA, FRM
Utilities	Gabe Grosberg
Megatrend
Artificial Intelligence	Sudeep K Kesh
Blockchain and Digital Assets	Andrew O'Neill
Cyber	Raam Ratnam, CFA, CPA
Cyber	Jawad Hussain
Cyber	Tiffany Tribbitt

Primary Credit Analysts:	Alison M Sullivan, CFA, New York + 1 (212) 438 3007; alison.sullivan@spglobal.com
	Chiza B Vitta, Dallas + 1 (214) 765 5864; chiza.vitta@spglobal.com
Secondary Contacts:	Jarrett Bilous, Toronto + 1 (416) 507 2593; jarrett.bilous@spglobal.com
	Emile J Courtney, CFA, New York + 1 (212) 438 7824; emile.courtney@spglobal.com
	Gabe Grosberg, New York + 1 (212) 438 6043; gabe.grosberg@spglobal.com
	Lapo Guadagnuolo, London + 44 20 7176 3507; lapo.guadagnuolo@spglobal.com
	Jawad Hussain, Chicago + 1 (312) 233 7045; jawad.hussain@spglobal.com
	Chris Johnson, CFA, New York + 1 (212) 438 1433; chris.johnson@spglobal.com
	Sudeep K Kesh, New York + 1 (212) 438 7982; sudeep.kesh@spglobal.com
	Gregg Lemos-Stein, CFA, New York + 212438 1809; gregg.lemos-stein@spglobal.com
	Melissa A Long, New York + 1 (212) 438 3886; melissa.long@spglobal.com
	Nishit K Madlani, New York + 1 (212) 438 4070; nishit.madlani@spglobal.com
	Donald Marleau, CFA, Toronto + 1 (416) 507 2526; donald.marleau@spglobal.com
	Andrew O'Neill, CFA, London + 44 20 7176 3578; andrew.oneill@spglobal.com
	Aneesh Prabhu, CFA, FRM, New York + 1 (212) 438 1285; aneesh.prabhu@spglobal.com
	Raam Ratnam, CFA, CPA, London + 44 20 7176 7462; raam.ratnam@spglobal.com
	Naveen Sarma, New York + 1 (212) 438 7833; naveen.sarma@spglobal.com
	Tiffany Tribbitt, New York + 1 (212) 438 8218; Tiffany.Tribbitt@spglobal.com
	David T Tsui, CFA, CPA, San Francisco + 1 415-371-5063; david.tsui@spglobal.com
	Thomas A Watters, New York + 1 (212) 438 7818; thomas.watters@spglobal.com
	Arthur C Wong, Toronto + 1 (416) 507 2561; arthur.wong@spglobal.com
	Sarah E Wyeth, New York + 1 (212) 438 5658; sarah.wyeth@spglobal.com
Editor:	Annie McCrone