Investigation through collaboration
Between 2017-2019, we collaborated with 50+ institutional investors through a United Nations chief Principles for Responsible Investment initiative to work alongside companies on these issues.
Our collaboration had three main objectives:
> Improve our knowledge on what companies are doing to manage cybersecurity risks (specifically assessing their policies and governance structures)
> Engage and encourage an expansion of the quality of disclosure
> Broadcast more broadly to the market about where we see things going, and develop a best practice regime to point towards
Talking to companies revealed significant gaps in public cybersecurity-related disclosures. Some companies are still only in the early stages of building an understanding of the issue, while others are concerned that too much disclosure may unintentionally benefit hackers.
Overall, though, companies were very open to dialogue, and willingly made their experts (usually information security officers or data protection officers) available to give investors a good insight into how they are managing cybersecurity risks.
> Board oversight of cyber security issues increased quite significantly between 2017-2019.
> By 2019, most companies engaged had allocated responsibility for cyber security at the Board level.
> Most companies engaged did not rule out the possibility of appointing directors with specific cyber security skills. However, they did not flag this as a priority criterion for Board appointments.
> Many companies revealed they were prioritising training to address gaps in Board knowledge and expertise.
> Companies’ efforts to address cyber security risks through their entire data supply chain were inconsistent and generally lacking.
Overall, companies have significantly increase their investments in cyber security in the last few years, increasing their capacity to deal with security issues and protect data.
Want to know more? Read the full UN PRI report to discover the details of our findings.
The power of collaboration
By speaking to companies with a unified voice, investors can more effectively communicate their concerns whilst gaining power and legitimacy from the perspective of corporate management. Furthermore, collaborations can help build knowledge and skills whilst enhancing engagement efficiency.