Karin Halliday
Manager, Corporate Governance

As technology advances and we become increasingly more connected, the risk of cyber crime and data corruption rises. Shareholders are seeking assurance that the companies they invest in are prioritising data and cyber security at a board level.

Shareholders should – and are –becoming increasingly savvy to the impact data and cyber security can have on their investments.

With the security risks that are presented by data collection and storage, and with cyber crime an inevitable by-product of our escalating online existence, shareholders want to be confident that boards have the issue of cyber security firmly on their radars.

The contribution technology makes to a company’s value is no longer driven purely by access to data but rather by how efficiently a company captures, manages, understands, leverages and protects that data.

Understanding a company’s approach to cyber-attacks helps us understand their quality of governance, risk management and leadership. Well-governed companies are more likely to have a better understanding of the cyber risks they face.

The way in which companies answer questions about cyber security provides valuable insight into the general quality of the company’s governance and risk management.

Nine questions to help protect your investment

  1. Does the board understand cyber security risks?
  2. Has the board identified the aspect of their business at greatest risk? What information, processes, long-developed intellectual property is core to the business’ success?
  3. Has the company identified how that data or process could be compromised or stolen?
  4. Has appropriate data security been put in place and subjected to regular testing, including external independent review?
  5. Does access to sensitive data require strong passwords and/or second-level authentication?
  6. Does the board/senior management possess the necessary skills to truly understand the risk-management practices that have been put in place to mitigate against the risk of cyber-attack?
  7. Are they confident breaches will be detected promptly?
  8. If a breach were to occur, how quickly could the company respond?
  9. What is the process for notifying affected customers/stakeholders?

More connections comes with higher risk

The widening reach of technology means we are more connected now than we ever have been, but also more vulnerable. While stored data is used to benefit consumers and tailor products, services, offerings and communication to their needs and preferences – it also increases the risk of cyber-crime.

It goes without saying that companies need to be increasingly vigilant in protecting the integrity and privacy of data systems. While it may be costly for companies to implement processes and systems to adequately protect their data, inadequate protection could potentially be even more costly.

Why does data security matter more now than ever before?

Financial implications for investors

The average loss for a breach of one thousand records is forecast between A$52,000 and A$87,000, with larger companies suffering higher losses per breach. Companies in the energy and utilities sector experienced the highest average cost of cyber-crime at A$8.3 million, while the retail sector experienced the lowest at A$1.4 million annually.

Ultimately, a loss to the company equates to less take-home profits for shareholders and in some cases, even greater losses over the long-term due to reputational damage.

Looking beyond the financial statements and considering Environmental Social and Governance (ESG) factors such as data security can uncover the greatest drivers of company value and lead to better informed investment decisions, and potentially higher returns.

While specific sustainability drivers will vary between industries, there is a clear correlation between how effectively a company manages ESG factors and financial returns.

Read more about this issue in the latest ESG Corporate Governance report.

Karin Halliday

Karin Halliday was appointed to her current position with AMP Capital in May 2000. She is responsible for determining how AMP Capital votes on behalf of the firm and its clients at all meetings held by the Australian companies in which AMP Capital invests.

Important note: While every care has been taken in the preparation of this article, AMP Capital Investors Limited (ABN 59 001 777 591, AFSL 232497) and AMP Capital Funds Management Limited (ABN 15 159 557 721, AFSL 426455) makes no representations or warranties as to the accuracy or completeness of any statement in it including, without limitation, any forecasts. Past performance is not a reliable indicator of future performance. This article has been prepared for the purpose of providing general information, without taking account of any particular investor’s objectives, financial situation or needs. An investor should, before making any investment decisions, consider the appropriateness of the information in this article, and seek professional advice, having regard to the investor’s objectives, financial situation and needs. This article is solely for the use of the party to whom it is provided.