NORTHAMPTON, MA / ACCESSWIRE / December 28, 2022 / AllianceBernstein
Hacker attacks and data breaches have made cyber and data security a top priority for every company. As the digital world grapples with the need for more secure defenses, investors must contend with governance issues and growing business risks.
Cyber and data security are hot topics across the industry. Evolving threats require companies to continually assess their defenses and readiness to minimize the damage from potential attacks. Public statements of preparedness often overestimate the actual level of protection.
Despite corporate perceptions, cybersecurity is not a priority for many investors. We believe this is wrong, especially since governance issues are an important component of Environmental, Social and Governance (ESG). Companies that are unprepared risk financial losses, penalties and reputational damage that can hurt their business and brand and undermine the return potential of their stocks and bonds. We spoke with cybersecurity experts from multiple disciplines to review the regulatory landscape and provide guidelines for investors in assessing cyber risk management.
Calculate the cost of escalating attacks
Cyberattacks are very costly. According to cybersecurity firm SonicWall, at least 2.8 billion malware attacks were recorded worldwide in the first half of 2022, an 11% increase over the past 12 months.
According to a Ponemon Institute and IBM Security study, the cost of a data breach in 2022 averaged $4.4 million per breach. Recovery costs depend on the sophistication of a company’s systems and whether remote work, which tends to increase costs, was a factor.
Some industries are more at risk than others (Display). But in today’s online world, no company is safe. Increased risks have tightened regulations. In the United States alone, three new regulations have been announced in the past year: the SEC Cybersecurity Regulations, the Critical Infrastructure Cyber Incident Reporting Act, and the Ransomware and Financial Stability Act of 2021. Cyberattacks spiked as the war between Russia and Ukraine began. In this evolving environment, businesses cannot afford to ignore this issue.
What are the biggest challenges for companies?
Many companies are addressing risk by moving their on-premises data centers and security to cloud-based solutions. The pace is accelerating as issuers with smaller cloud storage capacities migrate to better system synchronization. But cloud-based security raises new concerns. We hear some common themes from cybersecurity experts.
Building infrastructure: Organizations face two key dilemmas: choosing from a multitude of security providers and vendors, and managing them. Creating a single dashboard to manage the network for various solutions, from endpoint protection to cloud system parameter solutions, is a common problem, said one vendor who installs various cloud security platforms. And with so many similar options available, some organizations are paralyzed: they take too long trying to fully adapt instead of establishing an initial infrastructure that can be updated over time.
System monitoring, training and governance: After the infrastructure is complete, companies need appropriately trained staff to monitor and run the system, as well as a governance structure to maintain its integrity. Streamlining various internal systems and security vendor products requires time and resources. The challenge is further compounded by the fact that many major security providers are aggressive acquirers of smaller companies and their products can get out of sync.
What is the definition of a strong cybersecurity governance structure? First, a clear reporting structure to the board committees responsible for oversight is essential, as is jargon-free reporting that is easily understood by directors without cyber expertise. Similarly, a simple matrix classifying “high, medium, and low” risk and a report on mitigation actions and threat classifications would be helpful. General counsel, boards and business managers will need to interact more frequently with the information security team as governance matures. Oversight should extend to the employees running and monitoring the system. Also, companies need to realize that the vendor they choose matters. The more popular the service, the more specialists are available who can run the system.
Increased cost of implementation/resources: Many CIOs say they struggle with costs. In some cases, an engineer making one change to one server can significantly increase the total cost of the entire system over time. Additionally, many vendors do not clearly explain the rising costs of monitoring and maintaining a robust cybersecurity infrastructure. By reviewing employee additions and using a forward-looking infrastructure cost model, companies can avoid these pitfalls, especially businesses with fewer dedicated cyber resources. The cost of cyber insurance is another factor. Your benefits may decrease if new vendors are added, systems are updated, or coverage decreases. For example, Lloyd’s of London recently announced it would stop selling insurance against government-sponsored cyberattacks.
How can investors assess cyber risk management?
Investors need to ask the right questions and focus on budgets to assess a company’s cyber strategy and actions. How are cyber incidents reported to the board? How are risks monitored and escalated? What types of system testing and response plans are in place? Are employees prepared for attacks?
Discussions with directors and management can provide important evidence of cyber capabilities. In our recent engagements, we found that companies that are highly aware of the risks are more willing to discuss this topic and provide more detail on governance, reporting and training. A vague or formulaic answer may indicate that a company is less threat-prepared, lags behind its peers, and is more vulnerable to attacks. A cyber budget provides key insights into strategy and actions. Transparency of spending on cyber insurance, resources, vendors or in-house builds helps complete the picture.
A coherent strategy against complex threats
As threats grow, businesses must step up their efforts to counter attacks and protect data and systems. Many small businesses are at a relatively early stage in their cybersecurity efforts and may face greater risks as they have gaps in their systems that may attract attacks.
For businesses of all sizes, investors should take a closer look at the cyber systems in place and dig deeper into security governance, resources and reporting. By using consistent strategies in each area, businesses can prevent and be better prepared to respond to cyberattacks. Regular engagement with management on these issues enables investors to incorporate a company’s cybersecurity profile into a broader risk assessment of potential portfolios and holdings.
Robert Keehn, Proxy and ESG Engagement Associate on AB’s Responsible Investment team, contributed to this analysis.
The views expressed herein do not constitute research, investment advice or trading recommendations and do not necessarily represent the views of all AB Portfolio Management Teams and are subject to revision over time.
See additional multimedia and other ESG storytelling by AllianceBernstein at 3blmedia.com.
Spokesperson: AllianceBernstein
Source: AllianceBernstein