Skip to content
Menu
Contact us

How do cyber security issues impact investment tech?

Cybersecurity has been a challenge for as long as IT systems have existed. Once seen as the exclusive domain of back-end IT departments, it is now beginning to take centre stage as more CEOs, COOs and CFOs put it at the top of their agendas.

High security bank front Source: Bloomberg

There is growing recognition that cyber security is far more than just an IT issue

It is a fallacy to presume that poor technology is the sole contributing factor to cyber risks and threats. Inadequate security protocols can also expose organisations - including hedge funds - to significant reputational damage, regulatory breaches and client data breaches.

Research indicates that the majority of these threats are caused by people rather than technological failures. For example, using weak passwords, opening links from phishing emails, or deliberately sharing sensitive information, all put organisations at risk of cyber security breaches.

With greater threats and risks comes greater demand for cybersecurity itself

On a more positive note, for investors at least, cybersecurity investment rose by 25% in in the UK in 2021 compared to 2020, thanks to a growing appetite for cyber security stocks.

Cybersecurity companies in the UK generated £10.1 billion in revenue collectively in 2021 , which was 14% higher than in 2020. Globally, investors have put in £16 billion into the sector, with UK firms like Immersive Labs, a Bristol-based company that develops platforms to improve cybersecurity skills in businesses, raising an impressive £53.5 million during a Series C funding round.

Did you know that tech companies are especially vulnerable to cyber threats and risks?

In a Global Cyber Executive Briefing case study, Deloitte says the high-tech sector in particular is often 'ground zero' for cyber-attacks.

Why is that? Well, here are some explanations:

1. These companies store information which is valuable to cyber criminals.

We live in an era of Big Data, when investment tech companies store enormous volumes of confidential information that cyber criminals are eager to steal and sell to third parties.

2. They are often experimenting with new technologies that may be vulnerable to attacks.

Many of these new technologies have yet to mature, which means the security infrastructure may be weak and vulnerable to attacks.

3. The working environment will often be flexible

Hi-tech companies often operate hybrid working models, involving a mixture of home-working and office-based working, while others may be fully remote. If employees are accessing secure systems from multiple devices on a regular basis (i.e. a home laptop, a personal phone, a work laptop, a work phone), in theory, there is a higher quantitative risk of a cyber-attack.

Is cybersecurity becoming a bigger challenge for the wider economy?

The World Economic Forum, in its Global Cybersecurity Outlook report and meeting, revealed that the number of cyberattacks rose by 125% in 2021, and the evidence suggests a worsening picture in 2022.

One of the panellists at the event, Jürgen Stock, Secretary-General, International Criminal Police Organization, said he thought the major risk to IT security is human failure, which 'opens the door for criminals to attach the systems to take data hostage'. Jurgen also stressed that the data we refer to do not represent the full picture, because many victims of cyber-attacks do not report these incidents to authorities. He estimates that only about 5-10% of cases are actually recorded by law enforcement, so what we see in the data is the tip of the iceberg.

Cyber security issues should be a key concern for hedge fund managers too

Many cyber criminals will have a vested interest in targeting hedge funds to try and access sensitive information like client data and investment strategies, particularly as hedge fund technology grows.

In April 2022, an Israeli investigator pleaded guilty to a fraud and 'hacking-for-hire' conspiracy which targeted hedge funds, journalists and other groups. The investigator, who is now facing a maximum prison sentence of 27 years, admitted to working with hackers who sent phishing emails to try and acquire confidential client information.

Companies need to be more proactive at dealing with cyber threats and risks

In a 2019 report, McKinsey revealed that there is growing pressure from boards and regulators to apply a 'risk-based' approach to managing cyber risk, rather than the traditional ‘maturity-based' approach that focuses on the capability of an organisation’s cybersecurity.

What’s the difference between maturity-based and risk-based approaches?

The maturity-based approach emphasises strengthening security by introducing features such as multi-factor authentication on devices. Companies that adopt this approach will often hire highly skilled Information Security Officers to own these functions. But the new risk-based approach is much more comprehensive, focusing on managing cyber risk and threats through an enterprise-risk management (ERM) framework. This framework identifies all potential risks to the organisation and manages them within the company's risk appetite.

ERM frameworks can be valuable resources for hedge fund managers who are comparing candidates for their tech portfolios

This type of information can help you determine which companies have the best risk-management frameworks in place.

Why does all this matter?

The better a company is at managing risks, the lower the likelihood that it will experience adverse events, such as data breaches from hacking, which could expose it to significant operational, reputational and financial risk.

Data breaches aren't just a problem for an organisation's primary stakeholders

They are a threat to investors, too, because, in a recent study, the share prices of companies experiencing data breaches fell an average of 3.5% (Nasdaq) and hit their low about 110 market days after the breach. Long term, breached companies continued to underperform the market, implying that the original data breach was still having an impact on the stock price, or that there were other internal or external factors at play.

What should you look out for when assessing which tech companies to invest in?

ClearRisk, a risk management software provider, has identified a 9-point process for determining whether a company has an effective ERM Framework in place - here’s a summary of some key things to watch out for when investigating potential cyber security stocks to add to your prime brokerage portfolio.

Does the company explain its risk management functions in plain language? If someone at this company were to explain to you - verbally or in writing - what sort of cyber security risk management procedures it has in place - can you understand what they are talking about? If so, there is a good chance that other people in the organisation understand it too.

Does the company have a risk management steering committee?

If so, this is a good indication that the organisation takes this issue seriously.

Are there people in the organisation who have clearly defined responsibilities for cyber security?

Does the company publish a risk appetite statement and amend this regularly?

Does the company have RMPs? (risk mitigation plans)

In summary:

  • Cybersecurity issues are far more than just an IT or tech sector problem
  • Human failure plays a significant role in elevating these risks and threats
  • The best tech companies will have robust ERM frameworks for managing risk
  • Cyber breaches can reduce a company’s stock performance

Publication date: 2022-10-25T14:12:17+0100

The information in this presentation does not contain (and should not be construed as containing) personal financial or investment advice or other recommendation, or an offer of, or solicitation for, a transaction in any financial instrument. No representation or warranty is given as to the accuracy or completeness of the above information. Consequently, any person acting on it does so entirely at his or her own risk. The information does not have regard to the specific investment objectives, financial situation and needs of any specific person who may receive it. IG accepts no responsibility for any use that may be made of these comments and for any consequences that result. IG Australia Pty Ltd ABN 93 096 585 410, AFSL 515106.

Contact us

Let us create a solution tailored for your needs. Get in touch with our Australian-based team by phone or email to discuss your objectives, or request a brochure.

1800 570 700
prime.au@ig.com
Request a brochure

Please include the country code if outside the Australia

By clicking Request a brochure you agree to the terms of our access policy

IG Terms and agreements Privacy Cookies

CFDs are complex instruments and come with a high risk of losing money rapidly due to leverage. You do not own or have any interest in the underlying asset. You should consider whether you understand how CFDs work, and whether you can afford to take the high risk of losing your money. Please consider the Margin Trading Product Disclosure Statement (PDS), Risk Disclosure Notice and Target Market Determination before entering into any CFD transaction with us.

The value of shares, ETFs and ETCs bought through an IG share trading account can fall as well as rise, which could mean getting back less than you originally put in. Past performance is no guarantee of future results.

Please ensure you fully understand the risks and take care to manage your exposure.

The information on this website is prepared without considering your objectives, financial situation or needs. Consequently, you should consider the information in light of your objectives, financial situation and needs.

This website is operated by IG Australia Pty Ltd. IG Australia Pty Ltd is located on Level 32, Queen & Collins, 376-390 Collins Street, Melbourne, VIC 3000. ABN 93 096 585 410, Australian Financial Services Licence No. 515106. Derivatives Issuer Licence in New Zealand FSP No. 684191, NZBN 9429047618251.

The information on this site is not directed at residents of the United States or any particular country outside Australia or New Zealand and is not intended for distribution to, or use by, any person in any country or jurisdiction where such distribution or use would be contrary to local law or regulation.

IG Group Careers Marketing partnership

 

 

 

© Copyright 2023