The institutional investment landscape is changing, leaving the participating parties with new questions, concerns, and priorities. Cybersecurity is one of many topics on their minds, especially with so many communications, transactions, and other business operations happening online or through digital and cloud-based platforms.
The recent interest in cryptocurrencies as investments emphasizes that many people are ready to embrace the digital realm. However, investing in digital commodities or aligning with companies offering online platforms and services requires understanding the modern world’s cybersecurity impacts.
What Are Institutional Investors’ Chief Concerns?
A July 2023 McKinsey & Company report interviewed senior executives at 40 of the world’s leading pension and sovereign-wealth funds. The goal was to identify their biggest concerns and their respective coping mechanisms. One takeaway was that respondents aimed to sharpen performance-related competitiveness through purpose, portfolio construction, and proficiency. Many recognized the need for evolving strategies in an increasingly uncertain world.
Interviewees mentioned shifts in the following areas:
- The world order
- Technology platforms
- Demographic forces
- Resource and energy systems
- Capitalization
Changes in the world order were significant factors,
More than four-fifths of respondents chose technology as a focus, and the increasing use of technological platforms caused concerns for some. Besides more investors using tech-centered processes, they’re more aware of cyberattack risks, with such incidents rising globally and across industries. Then, 76% of respondents raised demographic-related concerns, such as aging populations, income inequality, and political polarization.
The results of a different study about family offices featured findings to explain an even stronger cybersecurity connection to demographics. As wealthy people age, they think about how they’ll pass their wealth to younger individuals, usually through inheritances.
Family offices are privately held service providers that assist ultra-high-net-worth individuals with strategic investments to transfer their wealth across generations. The 2024 study from J.P. Morgan polled 190 family offices worldwide,
Why Do Institutional Investors Care About Cybersecurity?
Institutional investors cannot afford to ignore cybersecurity. Attacks could severely disrupt operations and erode clients’ trust. One study indicated asset managers have already heard feedback from institutional investors. More than
Emerging Regulations
In 2023, the United States Securities and Exchange Commission established new policies
People commenting on the developments said companies
A Lack of Risk Specificity
In the United Kingdom, a 2022 report from the Financial Reporting Council
However, the coverage expressed how failing to disclose cybersecurity risks or using non-customized language to describe them could be red flags that the company has not adequately prioritized digital systems security.
Institutional investors want assurances companies have followed all recommended best practices for preventing cyberattacks. And — if such events have already happened — that the affected parties have done everything necessary to stop repeat occurrences. Otherwise, any investor associated with the attacked companies could experience adverse ripple effects.
Financial Firms Increasingly Breached
Institutional investors’ cyberattack fears are not unfounded. A 2023 study of United Kingdom cyberattacks reported to the Information Commissioner’s Office showed
Richard Breavington, a partner and the head of cyber and tech Insurance at RPC, conducted the study. He acknowledged although the prevailing assumption may be that major financial services businesses
Environmental Activists Launching Cyberattacks
Societal trends towards increased sustainability may also spark new cyber risks. For example, one survey found
However, a small but notable subset has used that passion to launch cyberattacks. In one example, a group of so-called “environmental hacktivists”
New and established knowledge reveals many things that harm the planet — from plastic waste to fossil fuels. Institutional investors could align with companies some people perceive as bad for the planet. If such feelings gain enough traction, hackers could target the digital infrastructures of those businesses, believing their efforts will help the Earth by causing hassles for known polluters.
Institutional Investors Want to See Cybersecurity Preparedness
Tight security measures reduce attack risks, but shareholders benefit from them too. A 2024 study revealed how companies demonstrating advanced security performance
The research also indicated companies become better cybersecurity performers after establishing specialized risk or audit committees to provide board oversight and recommendations. Another takeaway was that heavily regulated industries — such as financial services and health care — achieved the highest cybersecurity ratings. Conversely, the communications sector lagged due to its traditionally less stringent requirements.
Institutional investors seek evidence that companies have preventive measures and can swiftly recover from attacks. When entities have quick, decisive, and transparent responses, such reactions show planning occurred, and leaders are ready to overcome adverse circumstances.
Potential investors should ask for details about a company’s cybersecurity and data protection measures, including:
- Industry-specific risks and compliance requirements
- Information about the company’s cybersecurity team
- How the organization handles internal and external data
- How much the company relies on external service providers
- Whether the business has had previous cyberattacks
- The responses and outcomes of such incidents
- If the company follows a specific cybersecurity framework
- The organization’s remote working cybersecurity policies
Third-party audit frequency details are also helpful because they show the company has committed to continual improvement and regular assessments. Specific information will help institutional investors review all the details and reach confident conclusions. No company is perfect, but one with robust preventive measures against cyberattacks demonstrates a strong security posture investors should appreciate.
Awareness Before Acting
All investments include risks, and today’s institutional investors must be proactive in examining companies’ cybersecurity stances before showing serious interest. That approach allows the maximum awareness associated with particular investment decisions, allowing people to study all the variables and determine if they fall within their risk tolerance.
Then, institutional investors can act in their clients’ best interests and protect their businesses and reputations in an increasingly digital, online world with frequent, severe cyberattacks.