There was an interesting article in today's Times - "Investors must pay closer attention to cyber threats".
The thrust of the article is twofold, firstly that investors should demand more information from companies about their strategies for fighting cybercrime as it poses a significant investment risk and secondly, that some experts believe that a new regulatory body is required to monitor companies' cyber defences, similar to how the FRC operates the Corporate Governance Code.
In regard to the former, we believe that investors need to ask tough questions of the companies in which they invest, such as strategies for fighting cyber crime and demand greater disclosure of cyber attacks in annual reports. Investors need to know whether companies treat the risk of cyber crime seriously and whether there are adequate cyber defences in place to mitigate the risks. Serious questions need to be asked of the Board of Directors whether it has taken 'ownership' of the potential risks or whether the Board is merely paying lip service to the potential threat. Does a particular Board genuinely understand cyber issues? Is there a specific individual on the Board who is tasked with implementing necessary controls? A starting point might be to analyse companies' spend on cyber security and how this compares with comparable companies. At least, investors can then get a comparative sense of how seriously companies view the potential risks.
In regard to the suggestion that a new regulatory body is required to monitor cyber defences, we have reservations. Layer upon layer of regulation rarely works. The shortcomings of the FRC have been laid bare by MP's in particular, and it is questionable whether a new regulatory body which monitors companies' cyberdefences would be effective. We believe the solution lies with Investors who must satisfy themselves before they invest, that companies treat the potential threats seriously. The world's largest Sovereign Wealth Fund, Norges Bank, has publicly stated that it expects the companies in which it invests to adopt the highest anti-corruption standards. Good. Other investors should follow suit and if they have concerns, they should avoid the shares.
build a picture of