The PRI today launched findings on how seriously corporates are taking the issue of cyber security, with the publication of "Stepping up governance on cyber security: what is corporate disclosure telling investors?"
The research evaluated the public disclosure of 100 companies on cyber security, covering 14 indicators on aspects such as policy, governance and flow of communication, access to expertise, training and assessment, and other procedures.
According to the World Economic Forum’s latest report on global risks, cyber security is ranked as one of the top five risks to businesses, reaffirming the need for company boards to prioritise this issue.
From an investor’s perspective, the business case to engage with companies on this topic is clear-cut. There are many forms of cyber security threats, and related incidents can cripple business operations, materialise into legal and regulatory risks, and have adverse impacts on portfolio company valuation and earnings.
Given the potential financial and regulatory impact of cyber breaches, it is critical for investors that companies acknowledge cyber security-related risks and demonstrate through their reporting robust measures to mitigate these risks.
However, the PRI has found that corporate reporting on this topic often falls short of these expectations, making it difficult for investors to draw conclusions about how companies are positioned to identify, manage and remediate a potential cyber security breach.
To better understand this, and to improve company disclosure on cyber security governance and processes, 53 institutional investors representing more than $12 trillion in AUM are collectively engaging with global companies in the healthcare, financial, consumer goods, information technology and communications sectors.
“Boards need to work closely with senior management to escalate the message across the organisation that security is everyone’s problem,” said Fiona Reynolds, CEO, the PRI. “Board members could start by ensuring that cyber security is on the agenda at board meetings. If these issues are delegated to senior management, then the board must have regular updates from those individuals in order to stay current on the topic.”
For more information contact:
Head of PR
The Principles for Responsible Investment (PRI)
00 44 (0)203 714 3143