Chemical companies are enhancing their cybersecurity measures in response to rising threats and new regulations. According to a Moody’s Ratings report, basic cyber defense practices have become nearly universal across the industry. This trend is driven by increasing regulatory focus from both the EU and the US on critical economic sectors, including chemicals.
The EU’s updated Network and Information Security Directive, NIS 2.0, will impose new cybersecurity rules for chemical firms starting in October. In the US, the Cyber Incident Reporting for Critical Infrastructure Act of 2022 is finalizing incident reporting and ransomware regulations, which may become effective in early 2026. These regulations aim to address vulnerabilities in biological and chemical security that could impact public health and national security.
The report also highlights the growing sophistication of cyber defenses within the chemical sector. Notably, 95% of cybersecurity chiefs in the industry report directly to C-suite executives, reflecting strong governance. Many companies have linked leadership compensation to cyber risk performance and increased their cyber spending, especially among small and midsized firms.
Moody’s survey found that while third-party software remains a significant risk, 88% of chemical industry respondents have stand-alone cyber insurance. Most firms have implemented essential cybersecurity practices such as incident response plans, weekly data backups, and multifactor authentication. The upcoming regulations are expected to enhance internal and external reporting requirements for these companies.
Reference:
