search.noResults

search.searching

dataCollection.invalidEmail
note.createNoteMessage

search.noResults

search.searching

orderForm.title

orderForm.productCode
orderForm.description
orderForm.quantity
orderForm.itemPrice
orderForm.price
orderForm.totalPrice
orderForm.deliveryDetails.billingAddress
orderForm.deliveryDetails.deliveryAddress
orderForm.noItems
ESG – Cyber risk


breaches can be huge. For example, criminals accessed the per- sonal details of 3 billion people when they broke into Yahoo’s system in 2013. But it is not just larger, multi-national busi- nesses that are being targeted. “No company is free from a potential cyberattack” Burger says. “Mega-cap corporates are a target because of their size, but even small, unlisted companies are targets; we have seen sig- nificant amounts of cash siphoned off from their bank accounts because their security is not robust enough.” One of the trends in cybersecurity is hackers’ growing focus on healthcare. The NHS has proved its value during the current pandemic making it an ideal target for hackers. It has been tar- geted by such criminals on more than one occasion. In one such attack, hackers attempted to ransom patient files. Hospi- tals in France and Italy have also been targeted. “Hospitals may be more vulnerable to such attacks because their cybersecurity resilience is under increased strain in deal- ing with the crisis,” Childe says. It is not just weaker defences that make hospitals a target for hackers. “Health data often goes at a premium in the black market because it is the type of data that cannot be changed,” she adds. “We can change our banking information, but not our personal health data.”


The rise in keeping electronic records has led to an increase in privacy risk, a trend that has been noticed by Robeco. Cyberse- curity is one of the top five issues the asset manager discusses with its healthcare portfolio companies as part of its engage- ment strategy. BNP Paribas Asset Management is also working to get compa- nies to disclosure more information on their cybersecurity per- formance. “It is an ongoing dialogue,” Rames says. “The more questions we ask, the more we understand. That is an area of focus for us. It is an ongoing conversation.” To help assess corporates on their cybersecurity performance relative to its peers, Robeco has created dVaR, a cybersecurity score. “Using publicly available data, we are able to break open the black box, giving us greater insight into the cyber risk and resilience of each analysed company,” van der Werf says. He adds that the scoring system was developed in 2017 due to a lack of information for investors to assess at what level com- panies are monitoring and managing cybersecurity risks within their business. Robeco has seen a rise in management giving more attention to cybersecurity and shareholders are voting to make dealing with the issue part of the executive bonus system. “It is an evolution,” Burger says. “The attackers continue to up their game, so companies have to keep doing the same to coun- ter that threat.” Paul McGlone, a partner at Aon, adds that this is one of those wars that swings to and fro. “The number of successful attacks


36 | portfolio institutional May 2020 | issue 93


has been increasing because the number of attacks is increasing. “We are more aware now than ever before of the things that could happen, but I suspect that proportionally fewer attacks are getting through, but the number of attacks that are taking place means that the number that get through is on the rise. “The defences out there are good and when I hear the cyber experts talking about the steps that they are taking to mitigate the risk, it is a fairly finely balanced war and there will be swings to and fro,” he adds. Burger explains that when assessing a company’s network security, governance considerations are an essential part of due diligence: Is cyber risk part of the formal risk strategy and framework? Is there accountability and responsibility through- out the organisation from the board down to those who are managing or reacting to risks? For Rames, you cannot protect corporates from every risk and so setting cybersecurity policies and procedures to prevent sys- tem breaches is not enough. “If the system is compromised, they also need a plan to protect the system and ensure minimal damage is caused,” she adds.


We are all connected now


The issue is that technology is changing rapidly. The invention of smart devices has changed how people do business and criminals are adapting. Employees are more likely to work from the cloud than a server these days and so hackers have changed how they are targeting companies. Rather than trying to breach a company’s firewall,


Cybercrime is not only about stealing information.


Ian Burger, Newton Investment Management


Page 1  |  Page 2  |  Page 3  |  Page 4  |  Page 5  |  Page 6  |  Page 7  |  Page 8  |  Page 9  |  Page 10  |  Page 11  |  Page 12  |  Page 13  |  Page 14  |  Page 15  |  Page 16  |  Page 17  |  Page 18  |  Page 19  |  Page 20  |  Page 21  |  Page 22  |  Page 23  |  Page 24  |  Page 25  |  Page 26  |  Page 27  |  Page 28  |  Page 29  |  Page 30  |  Page 31  |  Page 32  |  Page 33  |  Page 34  |  Page 35  |  Page 36  |  Page 37  |  Page 38  |  Page 39  |  Page 40  |  Page 41  |  Page 42  |  Page 43  |  Page 44  |  Page 45  |  Page 46  |  Page 47  |  Page 48