Investors urged to recognise financial materiality of cybersecurity

January 10th, 2025

Railpen and Royal London Asset Management have called on investors to acknowledge cybersecurity as a key financial risk to their portfolios which must be addressed.

A joint report between the pension scheme and asset manager, ‘Cybersecurity Risk & Resilience: Guidance for Investors’, highlighted growing importance of cybersecurity as a financially material risk to investment portfolios.

It noted a sharp rise in the frequency and severity of cyberattacks in recent years, referencing the World Economic Forum’s 2024 Outlook, which revealed that 29% of organizations experienced a material impact from a cyber incident within the past year.

As a result, the duo has urged investors to identify and engage with companies facing significant cybersecurity risks, using sector-specific vulnerabilities as a screening tool.

The report suggests using its recommended questions, such as " Are there regular board discussions on cybersecurity, based on timely and accurate information that’s informed by expert guidance?”, to foster meaningful dialogue.

Investors should also participate in policy advocacy on cybersecurity because a supportive regulatory environment will enable improved alignment between company disclosures and investors' expectations, according to the report.

Thomas Bolger, Senior Stewardship Analyst at Minerva, said: “In ever increasingly online and digital world with rapid development and procurement of advanced technologies, cybersecurity is a material issue for companies and shareholders to monitor, review and respond to. Cybersecurity failures can have material financial, legal, reputational and operational impacts as well as systemic implications highlighting the need for a proactive stance. Through active monitoring, voting and engagement, investors play a vital role in encouraging and supporting portfolio companies to adopt good risk management practices which help to protect shareholder value,

This joint report by Railpen and Royal London Asset Management highlights growing investor focus on the issue and emphasises the recognition that good cyber security governance is vital for good governance in general, whilst also outlining actions investors can take to tackle the increasing cybersecurity risks faced by portfolio companies,

Minerva has long considered cyber security as part of its analysis of company governance and risk management (see the “Cyber Security: Investors are being left in the dark” by Minerva in the ICGN Yearbook 2018) and can support investors in stewardship activities and engagements with corporate boards. In particular, Minerva has a wide range of data points and voting guidelines on cyber security governance including board oversight & risk management, cyber security risk recognition, executive remuneration linkage and records of material cyber security controversies which can assist investors in applying the expectations for portfolio companies outlined in the report.”

Minerva’s blog focuses on the latest developments in ESG investing and stewardship. Minerva is a global provider of sustainable stewardship solutions with over 25 years of expertise. Minerva empowers investors by providing essential tools, including ESG research and data, enabling them to navigate the intricate landscape of stewardship and proxy voting, whilst ensuring their decisions are well-informed and aligned with sustainable principles.

You can read more of our articles by clicking here.