Investors are growing concerned that directors are ill prepared for cyber security incidents and technological challenges.
Facebook has been hit with a fine, a slowdown in user growth and a fall in its share price since news of the Cambridge Analytica data scandal broke in March.
In the months since, the social media company’s handling of the scandal — where data was improperly obtained from up to 87m users — has been heavily scrutinised by regulators, politicians and users.
Facebook chief operating officer Sheryl Sandburg last week testified before Congress, facing hours of questioning from the Senate Intelligence Committee. She said the company was “strengthening our defences” against targeted hacking and data collection.
It is also being closely watched by corporate governance specialists at big asset managers who are increasingly concerned that senior management and board directors at listed businesses across the world are ill-prepared for potential data breaches and other technology problems.
“We see cyber security as a key emerging risk,” says Rupert Krefting, head of corporate finance and stewardship at M&G Prudential, which oversees £342 billion in assets. “It is hard for us to judge if management and board directors at listed businesses really do know the technology risks because they are not prepared to talk about it.”
Now a growing number of investors are demanding that directors ensure they are well versed in the technology issues their companies could face.
Please use the sharing tools found via the share button at the top or side of articles. Copying articles to share with others is a breach of FT.com T&Cs and Copyright Policy. Email [email protected] to buy additional rights. Subscribers may share up to 10 or 20 articles per month using the gift article service. More information can be found here.
Leon Kamhi, head of responsibility at Hermes Investment Management, says the asset manager is engaging “heavily” on the issue. “Cyber security risk is a big issue,” he says. “IT skills on boards can be really important in order to challenge what a head of IT is doing at the inside. Boards need to be on top of it.”
“We want the board to be tech savvy, but we wouldn’t just want it to be a tech board. Our fear is they appoint a tech expert but then no one else on the board is engaged. We want to understand the extent to which all the board is competent.”
The introduction of stringent European data protection rules earlier this year has also prompted investors to ask tough questions about how well companies are coping with technological changes. The General Data Protection Regulation, which came into effect in the EU in May, has reshaped how companies can collect, use and store personal information. Companies face fines of up to 4 per cent of global turnover or €20m, whichever is greater, if they fall foul of GDPR.
Mr Kamhi says that if companies do not step up on cyber security issues there is a risk they will be hit with even more legislation.
Many investors believe the potential issues companies could face linked to technology are far reaching. As well as being “disrupted” — meaning technological solutions could be developed that upend their business model — companies that hold consumer information are at risk of data breaches. There are also concerns about hacks or cyber attacks which could damage business brands and cost businesses millions of dollars.
If you want to save yourself stress, money and a damaged reputation from a cyber incident – for a cyber security incident prevention, protection and training please ring us now on 01242 521967 or email [email protected] or complete the form on our contact page NOW