Asset managers should be doing more to address the financial materiality concerns of cybersecurity breaches, according to a report published jointly by Railpen and Royal London Asset Management.
Railpen manages about £34 billion ($43.3 billion) of assets for the Railways Pension Scheme, London.
Within the cybersecurity risk and resilience report, Railpen provided the “asset owners perspective” that certain environmental, social and governance factors, such as cybersecurity, have a material impact on the value of the companies in which asset owners are invested.
“Recognising the importance of cybersecurity resilience, we would encourage asset managers to develop their understanding of the financial materiality of cybersecurity, use the investor expectations as a tool for engagement with companies that face a high level of risk, and report on progress to their clients,” Railpen said in the report.
The report cited data collected by security research firm Comparitech that showed companies that suffered a cybersecurity breach underperformed the Nasdaq by 3.2 percentage points on average in the six months following the disclosure of an incident.
Also noted in the report was that about 40% of chief information security officers surveyed by cybersecurity firm Proofpoint in May conceded that their organization is unprepared to cope with a targeted cyberattack.
"Cyber resiliency might not be a top priority for investors when building and reviewing their portfolios — but it absolutely should be," said Caroline Escott, senior investment manager for sustainable ownership at Railpen, in a news release attached to the report. "The World Economic Forum reports that 29% of organizations have been materially affected by a cyber incident over the past 12 months alone."
“Railpen follows the evidence to understand how issues such as cybersecurity affect the value of the companies we invest in,” Escott said.
The report went on to recommend four pillars of approach to address cybersecurity concerns: increased governance including robust board oversight; due diligence over supply chains, and mergers and acquisitions; fostering a resilient culture; and collaborating with peers and government bodies on the issue.
In 2019, Railpen joined a coalition of investors, led by Royal London Asset Management, dedicated to addressing the systemic risks surrounding cybersecurity by engaging with portfolio companies and participating in policy advocacy. This work built on a report that same year published by Railpen and the £43 billion National Employment Savings Trust, London.
