In focus

How cyber risk has changed post Covid

It might not be surprising that cyber criminals have taken advantage of coronavirus and the rush to remote working. The age of cyber warfare was upon us even before the crisis.

New research suggests online fraudsters are boosting their attacks at an alarming pace, and it’s thought multimillion dollar ransoms could be at stake.

Interpol, the inter-governmental organisation which helps police in 194 member countries, has assessed cyber crime since the Covid-19 pandemic. It has reported that criminals have shifted their targets to big firms, governments and infrastructure.

Meanwhile PwC’s Threat Intelligence team found that by 20 May this year more than 150 organisations globally had their data published on leak sites. More than 60% occurred after 11 March when the World Health Organisation first declared the Covid outbreak to be a pandemic.

Garmin, the smart-watch maker, camera-maker Canon, and technology giant Intel are among recently-reported victims of hacking.

Andrew Howard, Global Head of Sustainable Investment at Schroders, says the crisis is “accelerating a shift in business models, which exacerbates the threats”.

He adds: “Our own analysis shows increased cyber attacks registered by US enforcement agencies, for example. Failure to manage that risk could prove fatal to companies in a world where regulations and fines for breaches are becoming punitive.

“As an active investor, we will continue to actively question those we believe are falling short of expectations.”

Our Sustainable Investment Analyst Ovidiu Patrascu explains in more detail.

Why should investors care about increased cyber attacks?

"Cyber is an increasingly critical source of business risk, especially for companies with important intangible assets such as brands, customer relationships or technology. The negative impact a data breach can have on a brand links straight to a company's competitiveness, future revenues and future cash flows.

"Data breaches often uncover poor governance practices and weak management. Changing people or policies is quick but re-establishing market and customer trust take much longer."

How does targeted company engagement help tackle cyber crime risks?

"In our view, investors should focus on understanding how well a company prepares for cyber events. The depth of its approach should give confidence that when (not if) a breach occurs, processes and resources are in place to minimise the impact.

"Building that understanding means going beyond a formulaic assessment of policies. We believe direct company engagements are the best way to gain insights. We have delved into the topic focusing on a few main areas – governance, expertise and technology. We have engaged with Chief Information Security Officers (CISO) or Data Protection Officers (DPOs) across sectors such as financial services, technology and telecoms."

What should companies be doing to minimise risks of cyber crime?

"It is critical that the company has a well-resourced and specialised cyber security team, managed by a CISO or DPO, preferably reporting to the CEO or the board. The security team should also leverage specialised external expertise on a regular basis to stay on top of new threats and security tools. Internally, the team should have direct ownership of specific technological tasks such as penetration testing, a simulated cyber attack.

"The board should have specific expertise to evaluate whether the company has the appropriate operational and managerial resources to mitigate cyber risk."

For Accredited Investors Only. This document is intended to be for information purposes only and it is not intended as promotional material in any respect. The material is not intended as an offer or solicitation for the purchase or sale of any financial instrument and is not intended to provide and should not be relied upon for accounting, legal or tax advice, or investment recommendations.

The information in this market outlook is derived from sources which we consider to be reliable. However, it may not in all cases be verified independently and we do not attest to its completeness or accuracy. No responsibility can be accepted for errors of fact or opinion. Forecasts may be the consensus of extremely divergent possibilities and the full range of potential outcomes should be appreciated. No representation or warranty is made that any value (or proximity to) any value, return or forecast will be achieved. The opinions expressed are those of employees of Schroder & Co. (Asia) Limited, and reflect their judgement at this date and are subject to change. Reliance should not be placed on the views and information in this market outlook when taking individual investment and/or strategic decisions. 

No part of this document may be reproduced in any manner without the prior written permission of Schroder & Co. (Asia) Limited.

Contact Schroders Wealth Management

To discuss your wealth management requirements, or to find out more about our services, please contact:

Jasper Lai

Jasper Lai

Head of Client Advisory