Investors should be prioritising cybersecurity when deciding which companies to invest in, according to the World Economic Forum.
The organisation has published guidance for investors on how to effectively ensure a company has adequate security in place, arguing that investors play a vital role in ensuring that cybersecurity is increasingly prioritised by businesses.
The report, Incentivizing responsible and secure innovation: Principles and guidance for investors, includes information on suitable frameworks for cybersecurity due diligence for investors, and key duty of care principles. It is part of a series of reports designed to encourage better cybersecurity practices across the entire enterprise ecosystem.
“Building that future calls upon us to take cybersecurity seriously when we innovate and create new technologies,” wrote Troels Oerting, Chairman of the Advisory Board Centre for Cybersecurity, World Economic Forum, in the report’s foreword.
“The cybersecurity challenges that we face today have arisen because there has been no incentive to build better security in the past. With this body of work, we begin to change that.”
Why cybersecurity should matter to investors
Cybersecurity has traditionally been of little concern to those outside of the IT department. While this is beginning to change as the business world wakes up to the financial damage a breach or hack can cause, it remains a topic many investors know little about.
However, experts quoted in the World Economic Forum’s report argue that it is vital that investors take cybersecurity concerns into account.
“In the Fourth Industrial Revolution, when most businesses are relying on technology and data, understanding cyber risk when investing must be a part of the investor’s risk appetite calculation process,” said Kelly Young, chief information officer, Hillspire.
“Cybersecurity preparedness assessment acts as a reference when making investment decisions and the cybersecurity due diligence assessment framework is one of the tools to enable investors to evaluate cyber risk.”
“Investors need to be able to confidently assess cyber risk with the same rigour as other risks they analyse and manage – and that ability can be met only with a standard set of principles,” added Martina Cheung, president, S&P Global Market Intelligence.
“The cybersecurity due diligence assessment framework is a great building block for this as it offers an industry standard that investors can use across the investment cycles to help their portfolio of companies improve their cyber exposure practices.”