Skip to main content
MENU
Subscribe
  • Sign Up Free
  • LOGIN
  • Subscribe
  • Topics
    • Alternatives
    • Consultants
    • Coronavirus
    • Courts
    • Defined Contribution
    • ESG
    • ETFs
    • Face to Face
    • Hedge Funds
    • Industry Voices
    • Investing
    • Money Management
    • Opinion
    • Partner Content
    • Pension Funds
    • Private Equity
    • Real Estate
    • Russia-Ukraine War
    • SECURE 2.0
    • Special Reports
    • White Papers
  • Rankings & Awards
    • 1,000 Largest Retirement Plans
    • Top-Performing Managers
    • Largest Money Managers
    • DC Money Managers
    • DC Record Keepers
    • Largest Hedge Fund Managers
    • World's Largest Retirement Funds
    • Best Places to Work in Money Management
    • Excellence & Innovation Awards
    • WPS Innovation Awards
    • Eddy Awards
  • ETFs
    • Latest ETF News
    • Fund Screener
    • Education Center
    • Equities
    • Fixed Income
    • Commodities
    • Actively Managed
    • Alternatives
    • ESG Rated
  • ESG
    • Latest ESG News
    • The Institutional Investor’s Guide to ESG Investing
    • ESG Sustainability - Gaining Momentum
    • ESG Investing | Industry Brief
    • Innovation in ESG Investing
    • 2023 ESG Investing Conference
    • ESG Rated ETFs
  • Defined Contribution
    • Latest DC News
    • DC Money Manager Rankings
    • DC Record Keeper Rankings
    • Innovations in DC
    • Trends in DC: Focus on Retirement Income
    • 2023 Defined Contribution East Conference
  • Searches & Hires
    • Latest Searches & Hires News
    • Searches & Hires Database
    • RFPs
  • Research Center
    • The P&I Research Center
    • Earnings Tracker
    • Endowment Returns Tracker
    • Corporate Pension Contribution Tracker
    • Pension Fund Returns Tracker
    • Pension Risk Transfer Database
  • Careers
  • Events
    • View All Conferences
    • View All Webinars
    • 2023 ESG Investing
    • 2023 Private Markets
Breadcrumb
  1. Home
  2. RISK MANAGEMENT
March 05, 2018 12:00 AM

Investors pushing harder for cybersecurity solution

SEC proposal seen lacking; onus on institutions

Hazel Bradford
  • Tweet
  • Share
  • Share
  • Email
  • More
    Reprints Print
    Reuters/Joshua Roberts
    Robert Jackson Jr. believes the current SEC proposal is sorely lacking.

    As SEC officials debate stronger actions to require public companies to disclose preparations for cybersecurity risks and incidents, the pressure is on institutional investors to keep pushing, industry sources said.

    The Securities and Exchange Commission voted unanimously on Feb. 21 to update its 2011 guidance for public companies that aimed to tell public companies how to disclose cybersecurity risks and procedures. SEC Chairman Jay Clayton said the update "will promote clearer and more robust disclosure by companies about cybersecurity risks and incidents, resulting in more complete information being available to investors."

    The update added two topics: the importance of having cybersecurity policies and procedures in place, and bans on stock trading by board members and executives after a cybersecurity incident.

    For the two Democratic commissioners, Kara Stein and Robert Jackson Jr., the action was underwhelming.

    "The bottom line on cybersecurity is, companies are under attack 24 hours a day, seven days a week. This is a war right now," Mr. Jackson said in an interview. He likened the SEC guidance to bringing a whiffle-ball bat to a Major League Baseball game.

    Four days earlier, the White House Council of Economic Advisers raised its own alarm in a report, saying that firms are not investing enough to prevent and ​ evaluate the risk of cybersecurity attacks, and that regulators need to do more to get public companies to up their cybersecurity prevention game. In the case of public companies, the CEA found, companies lost an average 0.8% of their market value after a cyber event. Investors should be made aware of the risk, and all registered firms, including private funds, should make cybersecurity a compliance priority, the report authors said.

    Keeping an open mind

    SEC officials said on a press call that they are keeping an open mind about possible rule-making to require cybersecurity measures be disclosed in 8-K filings, but for now they will follow events and see how the market responds. An 8-K requirement "is a possibility," Mr. Clayton said at the recent SEC Speaks conference, "but it is not on my near-term agenda."

    In the meantime, Mr. Clayton said, "institutional investors are asking good questions."

    Some, like New York state Comptroller Thomas P. DiNapoli, are doing a lot more. Mr. DiNapoli, the sole trustee of the $209.1 billion New York State Common Retirement Fund, Albany, agrees that the latest SEC action fell short. For starters, he wants the SEC to deny a no-action relief request by Express Scripts Holding Co. after it proposed excluding the pension fund's cyberrisk shareholder resolution from its 2018 proxy statement.

    The proposal calls for the company's board to review and publicly report its cyberrisk and actions taken to mitigate that risk, within a reasonable timeframe and omitting confidential information.

    "Cybersecurity is one of the most critical matters facing businesses today. This is especially true for health-care companies that hold vast amounts of private patient data," said Mr. DiNapoli, who thinks shareholders deserve more information about board oversight or actions taken to mitigate cyber risk in operations.

    In an unrelated action, the New York Department of Financial Services also is stepping up cybersecurity efforts, requiring banks, insurance companies, and other financial services institutions regulated by department to have a cybersecurity program designed to protect consumers' private data, written policies and controls in place to help ensure the safety and soundness of New York's financial services industry, according to an August 2017 news release.

    Mr. Jackson of the SEC thinks "there is more to come" from pension funds and other large shareholders, although "it's obviously not ideal when investors have to do it case by case," he said.

    Anne Sheehan, director of corporate governance at the California State Teachers' Retirement System, West Sacramento, said that officials at the $231.6 billion pension fund "were very pleased when the commission acted," and they are now waiting to see how companies respond. "It's an issue that can have tremendous impact to the stock price. Having the imprimatur of the commission helps," she added.

    "Shareholders now have to be vigilant and see what additional measures companies are going to be disclosing, and how they are managing this risk under this guidance," said Ms. Sheehan, who does expect to see some shareholder proposals to companies.

    CalSTRS, which has 8,000 public companies in its portfolio, will continue to hold discussions with companies on their cyber policies and oversight of board positions on cybersecurity risks and controls. "We are watching to see how companies step up their game," said Ms. Sheehan.

    "I think we've got to give it a little bit of time. If the shareholders feel they aren't getting the information, then they can come back and ask the SEC to do more," she said.

    Interest from Washington

    Congress is also watching. Equifax Inc.'s March 1 disclosure that it found 2.4 million more people affected by its massive data breach than initially reported prompted Sen. Elizabeth Warren, D-Mass., to call for action on legislation that she and Sen. Mark Warner, D-Va., are sponsoring. The bill would impose significant penalties for security breaches from credit-reporting agencies. Had it been in effect, Equifax would have paid at least $1.5 billion, according to a news release from Ms. Warren's office.

    The pressure from regulators is real for asset managers as well, said former SEC Chairman Harvey Pitt. "They have to care, big time. For asset managers this has enormous competitive implications." His advice is "encrypt everything" and work closely with the SEC's division of investment management. "You do what you can to shore up what the government can do," said Mr. Pitt.

    Related Articles
    Cybersecurity becoming big ESG concern
    Express Scripts clashes with DiNapoli over cyberrisk disclosure
    SEC issues guidance on corporate cybersecurity disclosure to investors
    New council to focus on best-practices in cybersecurity
    Recommended for You
    Owais Rana
    RiskFirst recruits Conning veteran to lead business development
    National Grid U.K. secures $3.4 billion buy-in with Rothesay
    National Grid U.K. secures $3.4 billion buy-in with Rothesay
    Pension plans gauge risk amid quest for gains
    Pension plans gauge risk amid quest for gains
    2023 Investment Outlook
    Sponsored Content: 2023 Investment Outlook

    Reader Poll

    March 15, 2023
    SEE MORE POLLS >
    Sponsored
    White Papers
    The Need for Speed in Trend-Following Strategies
    Global Fixed Income: Volatility and Uncertainty Here to Stay
    Morningstar Indexes' Annual ESG Risk/Return Analysis
    2023 Outlook: The Top Five Trends to Monitor in the Year Ahead
    Show Me the Income: Discovering plan sponsor and participant preferences for cr…
    The Future of Infrastructure: Building a Better Tomorrow
    View More
    Sponsored Content
    Partner Content
    The Industrialization of ESG Investment
    For institutional investors, ETFs can make meeting liquidity needs easier
    Gold: the most effective commodity investment
    2021 Investment Outlook | Investing Beyond the Pandemic: A Reset for Portfolios
    Ten ways retirement plan professionals add value to plan sponsors
    Gold: an efficient hedge
    View More
    E-MAIL NEWSLETTERS

    Sign up and get the best of News delivered straight to your email inbox, free of charge. Choose your news – we will deliver.

    Subscribe Today
    December 12, 2022 page one

    Get access to the news, research and analysis of events affecting the retirement and institutional money management businesses from a worldwide network of reporters and editors.

    Subscribe
    Connect With Us
    • RSS
    • Twitter
    • Facebook
    • LinkedIn

    Our Mission

    To consistently deliver news, research and analysis to the executives who manage the flow of funds in the institutional investment market.

    About Us

    Main Office
    685 Third Avenue
    Tenth Floor
    New York, NY 10017-4036

    Chicago Office
    130 E. Randolph St.
    Suite 3200
    Chicago, IL 60601

    Contact Us

    Careers at Crain

    About Pensions & Investments

     

    Advertising
    • Media Kit
    • P&I Content Solutions
    • P&I Careers | Post a Job
    • Reprints & Permissions
    Resources
    • Subscribe
    • Newsletters
    • FAQ
    • P&I Research Center
    • Site map
    • Staff Directory
    Legal
    • Privacy Policy
    • Terms and Conditions
    • Privacy Request
    Pensions & Investments
    Copyright © 1996-2023. Crain Communications, Inc. All Rights Reserved.
    • Topics
      • Alternatives
      • Consultants
      • Coronavirus
      • Courts
      • Defined Contribution
      • ESG
      • ETFs
      • Face to Face
      • Hedge Funds
      • Industry Voices
      • Investing
      • Money Management
      • Opinion
      • Partner Content
      • Pension Funds
      • Private Equity
      • Real Estate
      • Russia-Ukraine War
      • SECURE 2.0
      • Special Reports
      • White Papers
    • Rankings & Awards
      • 1,000 Largest Retirement Plans
      • Top-Performing Managers
      • Largest Money Managers
      • DC Money Managers
      • DC Record Keepers
      • Largest Hedge Fund Managers
      • World's Largest Retirement Funds
      • Best Places to Work in Money Management
      • Excellence & Innovation Awards
      • WPS Innovation Awards
      • Eddy Awards
    • ETFs
      • Latest ETF News
      • Fund Screener
      • Education Center
      • Equities
      • Fixed Income
      • Commodities
      • Actively Managed
      • Alternatives
      • ESG Rated
    • ESG
      • Latest ESG News
      • The Institutional Investor’s Guide to ESG Investing
      • ESG Sustainability - Gaining Momentum
      • ESG Investing | Industry Brief
      • Innovation in ESG Investing
      • 2023 ESG Investing Conference
      • ESG Rated ETFs
    • Defined Contribution
      • Latest DC News
      • DC Money Manager Rankings
      • DC Record Keeper Rankings
      • Innovations in DC
      • Trends in DC: Focus on Retirement Income
      • 2023 Defined Contribution East Conference
    • Searches & Hires
      • Latest Searches & Hires News
      • Searches & Hires Database
      • RFPs
    • Research Center
      • The P&I Research Center
      • Earnings Tracker
      • Endowment Returns Tracker
      • Corporate Pension Contribution Tracker
      • Pension Fund Returns Tracker
      • Pension Risk Transfer Database
    • Careers
    • Events
      • View All Conferences
      • View All Webinars
      • 2023 ESG Investing
      • 2023 Private Markets