More and more personal and business information worldwide is rapidly migrating into digital form on open and globally interconnected technology platforms. This trend poses serious risks to data security and privacy. Hardly a day goes by without news of a new cyber threat or a major data breach. Hackers, criminals and foreign governments have adapted their theft, fraud and sabotage activities to this increasingly interconnected world. The growing threat of cybercrime — and the opportunities it brings — is a new facet of responsible investing.
US whistleblower Edward Snowden’s actions have put data privacy firmly on the agenda of businesses, making the topic a corporate responsibility issue. The former National Security Agency contractor’s disclosures revealed the extent of government surveillance of internet communications. Companies such as Facebook and Google had to “defend” themselves when it became apparent that they were turning user data over to the US government in response to legal orders.
A common misconception is that attackers are outsiders. Unfortunately, they are quite frequently insiders: a current or former employee, a service provider, an authorized user of internal systems or a contractor. We are often not aware of these insider incidents and we underestimate their impact. In its 2014 US State of Cybercrime Survey of more than 500 executives of US businesses, law enforcement services and government agencies, PwC found that only 49% of all respondents had a plan for responding to insider threats.
A June 2014 report published by the Center for Strategic and International Studies (CSIS) concluded that the US, China and Germany together suffer an estimated $200 billion a year in cybercrime losses. A look at the corporate sector shows that a large majority of firms are still in the development phase of their cyber risk management capabilities. They are looking for ways to better understand which information assets need to be protected, who their attackers are and what defence mechanisms are most effective.
It’s not all bad news. Cyberspace is constantly evolving and businesses are eager to adopt new technologies, such as using the Internet to open new channels and adopting cloud services. These developments create vast opportunity but they also bring unanticipated risk. The cybersecurity sector is growing rapidly, and companies with the foresight to take advantage of these emerging trends have the potential to create value.
Today’s most successful and cyber-resilient organizations are appointing officers to oversee all activities in cyberspace and advise the management board. One of the main questions in the data-privacy area is whether companies are too willing to pass data on to governments. Vodafone has taken the lead in this debate by reporting government requests for customer personal data in each of 29 countries.
While the main players have already taken many steps in the right direction, there is still a long way to go. Technological systems are becoming more complex and therefore harder to secure. Procedures need to be simplified and dependencies need to be reduced, for example by moving toward more loosely coupled systems. Executives also need to take timely steps to improve their companies’ cyber resilience capabilities. Over time, this will also enhance companies’ collaboration with partners in public and international policy, as well as community and systemic responses.
Businesses need to make sure customers trust them. Trust can make or break deals. The private and public sectors need to invest more in attracting, retaining and rewarding cybersecurity talent. One option is providing opportunities to “bad guy” hackers to become “good guy” hackers.
How do investors ‘play’ this theme?
Investors can benefit from the data security and privacy theme in many ways. This can be done for example by investing in companies whose business models are clearly linked to areas such as consumer security, content security, critical infrastructure, data encryption, enterprise security, firewalls, intrusion detection, mobile security and web security. Also important is engagement with companies in all sectors on how well they are protected against cyber-attacks and what initiatives in data security and privacy they have taken. At NN Investment Partners, we believe that cyber security merits special attention from companies. We urge them to protect sensitive data entrusted to them by their clients.
Disclaimer
The elements contained in this document have been prepared solely for the purpose of information and do not constitute an offer, in particular a prospectus or any invitation to treat, buy or sell any security or to participate in any trading strategy. This document is intended forpress use only. While particular attention has been paid to the contents of this document, no guarantee, warranty or representation, express or implied, is given to the accuracy, correctness or completeness thereof. Any information given in this document may be subject to change or update without notice. Neither NN Investment Partners Holdings N.V. nor any other company or unit belonging to the NN Group or the ING Groep, nor any of its officers, directors or employees can be held direct or indirect liable or responsible with respect to the information and/or recommendations of any kind expressed herein. The information contained in this document cannot be understood as provision of investment services. If you wish to obtain investment services please contact our office for advice. Use of the information contained in this document is solely at your risk. Investment sustains risk. Please note that the value of your investment may rise or fall and also that past performance is not indicative of future results and shall in no event be deemed as such. This document is not intended and may not be used to solicit sales of investments or subscription of securities in countries where this is prohibited by the relevant authorities or legislation. Any claims arising out of or in connection with the terms and conditions of this disclaimer are governed by Dutch law.
NN (L) European High Yield is a subfund of NN (L), established in Luxembourg. NN (L) is duly authorised by the Commission de Surveillance du Secteur Financier (CSSF) in Luxembourg. Both funds are registered with the CSSF. For more detailed information about the investment fund we refer to the prospectus and the corresponding supplements. In relation to the investment fund mentioned in this document a Key Investor Information Document (KIID) has been published containing all necessary information about the product, the costs and the risks which may occur. Do not take unnecessary risk. Read the prospectus and the KIID before investing. Investments are accompanied by risks. The value of your investments depends in part upon developments on the financial markets. In addition, each fund has its own specific risks. See the prospectus for fund-specific costs and risks. The prospectus, supplement and the Key Investor Information Document are available on the following website: www.nnip.com. This document is not directed at, and must not be acted upon by citizens of the United States (US) and is otherwise only directed at persons residing in jurisdictions where the relevant share classes/(sub)funds are authorised for distribution or where no such authorisation is required.
By Nina Hodzic, Senior ESG Specialist
BIO: Nina is responsible for ESG analysis and reporting, screening methods, proxy voting and communication with various internal and external parties on sustainability topics. Nina also advises clients on their responsible investment policy and is actively involved in setting up responsible investment client solutions across different asset classes. She is global coordinator UNPRI for NN IP, member of the NN IP ESG Board and member of the NN IP Proxy Voting Committee.
Business Experience: 2008-to date Senior Environmental, Social, Governance Specialist
About NN Investment Partners
As of April 07, ING Investment Management has renamed to NN Investment Partners. NN Investment Partners is part of NN Group N.V., a publicly traded corporation. NN Group is currently 54.6% owned by ING Group. NN Group and its subsidiaries are currently using trademarks including the “ING” name and associated trademarks of ING Groep N.V. (ING Group) under license.
The opinions expressed in this post belongs to the individual contributors and do not necessarily reflect the views of Information Security Buzz.