Share your thoughts on our News & Insights section. Complete our survey to help us improve.

Cybersecurity – expert views on how to shelter your portfolio

Cyber attacks can cost companies millions which can impact investor return. Find out what our Wealth Shortlist managers do to limit the risk.
cybersecurity

Important information - This article isn’t personal advice. If you’re not sure whether an investment is right for you please seek advice. If you choose to invest the value of your investment will rise and fall, so you could get back less than you put in.

This article is more than 6 months old

It was correct at the time of publishing. Our views and any references to tax, investment, and pension rules may have changed since then.

Cyberspace is the Wild West of our digital age. But the currency isn’t gold, silver or counterfeit bank notes, it’s data.

In 2023, nearly one third of all UK businesses faced a cybersecurity breach or attack, increasing to just over two thirds for large companies. These attacks can be expensive – the average cost of a data breach globally reached $4.45 million last year, up 15% over three years.

But good cybersecurity isn’t just about companies safeguarding their own operations and cash. They need to make sure companies in their supply chains have strong controls too. Suppliers, usually smaller companies with limited resources, can inadvertently introduce vulnerabilities and cause some chinks in the armour.

As companies struggle with this new cyber secure reality, investors are taking note of how important protecting data is to the value of their investments. Understanding exposure to companies with poor cyber controls is key to making sure your investment doesn’t just grow, but can survive the high noon showdown of digital threats in cyberspace.

How could cybersecurity impact my investments?

ESG Analyst Tara Clee breaks down why every investor needs to understand and address cyber security risks in their portfolio.

How some of the fund managers from our Wealth Shortlist have managed cybersecurity risk in their portfolio.

This isn’t personal advice. Remember, all investments and any income they produce can fall as well as rise in value – you could get back less than you invest. If you’re not sure an investment is right for you, ask for financial advice.

Matt Evans, Ninety One UK Sustainable Equity

Cybersecurity is a universal risk, especially impactful on data-focused businesses.

Last year, one of the fund’s holdings, Morgan Advance Materials, suffered a cyber incident which led to significant operational challenges. The firm has recovered from this incident but had to manage a fall in sales of £10m as they couldn’t process business.

Morgan Advance have taken exceptional costs in experts to rectify issues of around £15m and pulled forward planned spend in IT to strengthen their systems of over £10m. The short-term sales loss and exceptional costs will not be recovered but the investment in IT will improve business operations going forward, improve efficiency and lead to far better cybersecurity.

This underscores the imperative of constant cybersecurity investment and robust defence mechanisms needed for all businesses, as risks persist and evolve.

James Thomson, Rathbone Global Opportunities

Visa and MasterCard are both holdings in the fund and face the risk of a systematically significant event should either of their payment networks face a breach. As such it is vital both firms maintain strong and resilient cybersecurity controls.

My previous conversations with the CEO of Visa indicated that this area has an unlimited budget and is a standing agenda item at every board meeting. The network itself cannot be breached using traditional cyber hacking techniques and would need to be physically breached at their network data centre (location undisclosed) but the security there is not dissimilar to Fort Knox.

Kirsty Desson, Abrdn Global Smaller Companies

In assessing a company’s resilience to cyber-attacks, we consider multiple factors including the company’s policies and procedures, country jurisdiction, history of breaches, evidence of system audits, staff training, board or senior management data security oversight and independent validation.

An example of a holding where cybersecurity is core to the company’s operations, is Altair. The business offers cloud-based design simulation tools for high-end product design and development. Due to the nature of Altair’s business, the company works closely with customers in the early product design phase, which is highly sensitive.

In our conversation with management, it was flagged that the company stores a minimal amount of customer data on site and conducts regular data security resilience checks. Over time, Altair has strengthened its data privacy measures and dedicated oversight of its security framework, evidencing strong management of this ESG risk.

Want to see how these funds get on in 2024?

Watchlists let you track investments like this year’s five responsible funds to watch without spending real money. You can follow performance, create your own watchlist or copy the details of real holdings.

Log in to your account to keep track online or with the HL mobile app.

Latest from Personal finance
Weekly Newsletter
Sign up for Share Insight. Get our Share research team’s key takeaways from the week’s news and articles direct to your inbox every Friday.
Written by
Tara Clee
Tara Irwin
Senior ESG Analyst

Tara's part of our ESG Analysis team. She is passionate about climate change and helping clients invest responsibly.

Our content review process
The aim of Hargreaves Lansdown's financial content review process is to ensure accuracy, clarity, and comprehensiveness of all published materials
Article history
Published: 11th January 2024