60 seconds on why investors should care about data security risk

A new study from our Environmental, Social and Governance (ESG) team looks at the increasing importance of data security and how it provides opportunities and risks for companies and investors.

18 December 2014

Sophie Rahm

ESG Analyst

Cybercrime threat

Industry surveys as well as recent data breaches have highlighted the increasing importance of data security for companies.

The annualised cost of cybercrime is thought to have risen by 26% to $11.6 million per company in 2013, according to the Ponemon Institute, an independent research group.


In general, risk and reward appears to be more broadly balanced than in the recent past.

The costs of data insecurity and vulnerability are real and can hit businesses in a number of ways.

A data breach can lead to significant internal costs for companies, large or small, such as the need to invest in detection and recovery systems. Externally, data breaches can lead to business disruptions, information or intellectual property theft, revenue losses and erosion of customer confidence.

More stringent regulations across the globe, particularly in the US and Europe, are likely to put data security and privacy under the spotlight. Expected regulatory changes are likely to force companies to incur additional compliance costs, as well as fines and/or litigation awards. According to the World Economic Forum, a robust cyber resilient environment spanning the public and private sectors could create between $10 trillion and $22 trillion in economic value between now and the end of the decade.

The global cybersecurity solutions market is expected to grow from $64 billion in 2011 to $120 billion by 2017. Business and consumer demand for cybersecurity products increased by 15% and 10%, respectively, between 2011 and 2013. Additionally, the US cyber insurance market could reach as much as $2 billion in 2014.

We consider the most vulnerable sectors to be software & services, telecommunications services, retailing, banks and diversified financials, although the growth and penetration of new information technologies is likely to extend the risk to all business sectors.

A number of best-practice measures, ranging from the adoption of a company policy to strategic integration of data security risk, can help demonstrate better assimilation of these issues within a business.

Investors can address the topic of data security risk in their conversations with companies and we propose a set of 10 cybersecurity questions.

The full report can be found at the link below.

Important Information: This communication is marketing material. The views and opinions contained herein are those of the author(s) on this page, and may not necessarily represent views expressed or reflected in other Schroders communications, strategies or funds. This material is intended to be for information purposes only and is not intended as promotional material in any respect. The material is not intended as an offer or solicitation for the purchase or sale of any financial instrument. It is not intended to provide and should not be relied on for accounting, legal or tax advice, or investment recommendations. Reliance should not be placed on the views and information in this document when taking individual investment and/or strategic decisions. Past performance is not a reliable indicator of future results. The value of an investment can go down as well as up and is not guaranteed. All investments involve risks including the risk of possible loss of principal. Information herein is believed to be reliable but Schroders does not warrant its completeness or accuracy. Some information quoted was obtained from external sources we consider to be reliable. No responsibility can be accepted for errors of fact obtained from third parties, and this data may change with market conditions. This does not exclude any duty or liability that Schroders has to its customers under any regulatory system. Regions/ sectors shown for illustrative purposes only and should not be viewed as a recommendation to buy/sell. The opinions in this material include some forecasted views. We believe we are basing our expectations and beliefs on reasonable assumptions within the bounds of what we currently know. However, there is no guarantee than any forecasts or opinions will be realised. These views and opinions may change.  To the extent that you are in North America, this content is issued by Schroder Investment Management North America Inc., an indirect wholly owned subsidiary of Schroders plc and SEC registered adviser providing asset management products and services to clients in the US and Canada. For all other users, this content is issued by Schroder Investment Management Limited, 31 Gresham Street, London, EC2V 7QA. Registered No. 1893220 England. Authorised and regulated by the Financial Conduct Authority.