How cyber risk has changed post Covid
How cyber risk has changed post Covid
It might not be surprising that cyber criminals have taken advantage of coronavirus and the rush to remote working. The age of cyber warfare was upon us even before the crisis.
New research suggests online fraudsters are boosting their attacks at an alarming pace, and it’s thought multimillion dollar ransoms could be at stake.
Interpol, the inter-governmental organisation which helps police in 194 member countries, has assessed cyber crime since the Covid-19 pandemic. It has reported that criminals have shifted their targets to big firms, governments and infrastructure.
Meanwhile PwC’s Threat Intelligence team found that by 20 May this year more than 150 organisations globally had their data published on leak sites. More than 60% occurred after 11 March when the World Health Organisation first declared the Covid outbreak to be a pandemic.
Garmin, the smart-watch maker, camera-maker Canon, and technology giant Intel are among recently-reported victims of hacking.
Andrew Howard, Global Head of Sustainable Investment at Schroders, says the crisis is “accelerating a shift in business models, which exacerbates the threats”.
He adds: “Our own analysis shows increased cyber attacks registered by US enforcement agencies, for example. Failure to manage that risk could prove fatal to companies in a world where regulations and fines for breaches are becoming punitive.
“As an active investor, we will continue to actively question those we believe are falling short of expectations.”
Our Sustainable Investment Analyst Ovidiu Patrascu explains in more detail.
Why should investors care about increased cyber attacks?
"Cyber is an increasingly critical source of business risk, especially for companies with important intangible assets such as brands, customer relationships or technology. The negative impact a data breach can have on a brand links straight to a company's competitiveness, future revenues and future cash flows.
"Data breaches often uncover poor governance practices and weak management. Changing people or policies is quick but re-establishing market and customer trust take much longer."
How does targeted company engagement help tackle cyber crime risks?
"In our view, investors should focus on understanding how well a company prepares for cyber events. The depth of its approach should give confidence that when (not if) a breach occurs, processes and resources are in place to minimise the impact.
"Building that understanding means going beyond a formulaic assessment of policies. We believe direct company engagements are the best way to gain insights. We have delved into the topic focusing on a few main areas – governance, expertise and technology. We have engaged with Chief Information Security Officers (CISO) or Data Protection Officers (DPOs) across sectors such as financial services, technology and telecoms."
What should companies be doing to minimise risks of cyber crime?
"It is critical that the company has a well-resourced and specialised cyber security team, managed by a CISO or DPO, preferably reporting to the CEO or the board. The security team should also leverage specialised external expertise on a regular basis to stay on top of new threats and security tools. Internally, the team should have direct ownership of specific technological tasks such as penetration testing, a simulated cyber attack.
"The board should have specific expertise to evaluate whether the company has the appropriate operational and managerial resources to mitigate cyber risk."
- Earlier this summer Schroders’ sustainable investment team shared how sustainability will be fundamental to progress in the face of some “inescapable truths”. The fast-tracking of digital life is one of six key areas that point to a changing role of the corporate sector in society.
Important Information: This communication is marketing material. The views and opinions contained herein are those of the author(s) on this page, and may not necessarily represent views expressed or reflected in other Schroders communications, strategies or funds. This material is intended to be for information purposes only and is not intended as promotional material in any respect. The material is not intended as an offer or solicitation for the purchase or sale of any financial instrument. It is not intended to provide and should not be relied on for accounting, legal or tax advice, or investment recommendations. Reliance should not be placed on the views and information in this document when taking individual investment and/or strategic decisions. Past performance is not a reliable indicator of future results. The value of an investment can go down as well as up and is not guaranteed. All investments involve risks including the risk of possible loss of principal. Information herein is believed to be reliable but Schroders does not warrant its completeness or accuracy. Some information quoted was obtained from external sources we consider to be reliable. No responsibility can be accepted for errors of fact obtained from third parties, and this data may change with market conditions. This does not exclude any duty or liability that Schroders has to its customers under any regulatory system. Regions/ sectors shown for illustrative purposes only and should not be viewed as a recommendation to buy/sell. The opinions in this material include some forecasted views. We believe we are basing our expectations and beliefs on reasonable assumptions within the bounds of what we currently know. However, there is no guarantee than any forecasts or opinions will be realised. These views and opinions may change. To the extent that you are in North America, this content is issued by Schroder Investment Management North America Inc., an indirect wholly owned subsidiary of Schroders plc and SEC registered adviser providing asset management products and services to clients in the US and Canada. For all other users, this content is issued by Schroder Investment Management Limited, 1 London Wall Place, London EC2Y 5AU. Registered No. 1893220 England. Authorised and regulated by the Financial Conduct Authority.