60 seconds on why investors should care about data security risk

A new study from our Environmental, Social and Governance (ESG) team looks at the increasing importance of data security and how it provides opportunities and risks for companies and investors.


Sophie Rahm

ESG Analyst

Cybercrime threat

Industry surveys as well as recent data breaches have highlighted the increasing importance of data security for companies.

The annualised cost of cybercrime is thought to have risen by 26% to $11.6 million per company in 2013, according to the Ponemon Institute, an independent research group.


In general, risk and reward appears to be more broadly balanced than in the recent past.

The costs of data insecurity and vulnerability are real and can hit businesses in a number of ways.

A data breach can lead to significant internal costs for companies, large or small, such as the need to invest in detection and recovery systems. Externally, data breaches can lead to business disruptions, information or intellectual property theft, revenue losses and erosion of customer confidence.

More stringent regulations across the globe, particularly in the US and Europe, are likely to put data security and privacy under the spotlight. Expected regulatory changes are likely to force companies to incur additional compliance costs, as well as fines and/or litigation awards. According to the World Economic Forum, a robust cyber resilient environment spanning the public and private sectors could create between $10 trillion and $22 trillion in economic value between now and the end of the decade.

The global cybersecurity solutions market is expected to grow from $64 billion in 2011 to $120 billion by 2017. Business and consumer demand for cybersecurity products increased by 15% and 10%, respectively, between 2011 and 2013. Additionally, the US cyber insurance market could reach as much as $2 billion in 2014.

We consider the most vulnerable sectors to be software & services, telecommunications services, retailing, banks and diversified financials, although the growth and penetration of new information technologies is likely to extend the risk to all business sectors.

A number of best-practice measures, ranging from the adoption of a company policy to strategic integration of data security risk, can help demonstrate better assimilation of these issues within a business.

Investors can address the topic of data security risk in their conversations with companies and we propose a set of 10 cybersecurity questions.

The full report can be found at the link below.