Investors have been urged to take cybersecurity risks seriously and recognise the financial materiality of such threats to their portfolios, in a report published by Railpen in partnership with Royal London Asset Management (RLAM).
The report, Cybersecurity Risk & Resilience: Guidance for Investors, provides an evidence-based perspective on the financial materiality and threat landscape of cybersecurity risk, as well as up-to-date practical guidance for both asset owners and asset managers on how to engage with portfolio companies on the issue.
The guidance has been developed using insight from Railpen’s and RLAM’s combined engagement with companies over the past five years. The two firms are calling on investors to assess portfolio companies’ baseline approach to cybersecurity and measure their progress toward best practice, using the expectations and framework outlined in the report as a tool.
Investors are also encouraged to identify and engage with companies that face high-risk exposure, using sector-specific vulnerabilities as a lens for screening and the report’s recommended questions to initiate dialogue.
Additionally, they should participate in policy advocacy on cybersecurity, as a supportive regulatory environment “will enable improved alignment between company disclosures and investors’ expectations”.
Recently, the World Economic Forum reported that 29% of organisations had been materially affected by a cyber incident over the past 12 months alone.
Caroline Escott, senior investment manager, sustainable ownership, at Railpen, commented: “Cyber resiliency might not be a top priority for investors when building and reviewing their portfolios – but it absolutely should be. Through understanding, monitoring and influencing the behaviour of companies, we can help ensure our portfolios are resilient to material ESG risks and, as a result, protect and enhance the long-term value of members’ savings.”
In 2019, Railpen joined a coalition of investors, led by RLAM, dedicated to addressing the systemic risks surrounding this thematic stewardship issue by engaging with portfolio companies and participating in policy advocacy. This work built upon a report that same year by Railpen and Nest.
Georgina Chiu, senior engagement manager at RLAM, added: “Driving corporate change requires a collaborative effort from asset managers, asset owners, regulators and policy makers. We founded the coalition because we understand the very real threat that cyber presents to our industry, driven by geopolitical threats, the development of Generative AI and increased supply chain vulnerabilities.
“There are a number of actions investors can take to tackle the growing risk of cybersecurity to portfolio companies. This report demonstrates how we are creating a step change for the industry, by elevating stewardship from reactive engagement after a cyber incident has occurred, to a proactive dialogue on resilience.”
