Business and cybersecurity experts recently told the World Economic Forum that there is a high likelihood of a destabilizing and “catastrophic” cyberattack linked to geopolitical instability within the next two years.
And the largest segment (34%) of respondents to a recent Allianz survey of more than 2,000 company representatives said cyber risk was the number one most important global business risk for 2023.
As cyber risk escalates for companies, scrutiny regarding how they are handling and preparing for these threats is intensifying. This week, influential proxy advisory firm ISS launched its ESG Cyber Risk Score, which will be added to S&P 500 company voting and research reports in time for this year’s proxy season. The score measures “how well a company manages and maintains its network security” and evaluates the likelihood of a company’s suffering a material cybersecurity event within the next 12 months.
The scores range from 300, the riskiest, to 850, the least risky.
“Investors are looking to mitigate their possible exposure to cyber events. Cyber attacks can cause a significant impact on a company’s financial performance and reputation, and share prices are shown to fall following the announcement of a cyber event,” wrote Till Jung, managing director and head of product at ISS ESG, the responsible-investment arm of ISS, in an email. “Cyber risk is viewed today as a business risk that when measured can then be monitored and ideally managed. Investors want to avoid the very real negative outcomes for portfolio companies that can result from a breach, which includes operating downtime, fines and legal fees, reputational damage [and] intellectual property theft.”
This comes as stakeholders await a final cybersecurity disclosure rule from the SEC, slated for April, that will require companies to disclose whether boards have cybersecurity expertise, policies to mitigate cybersecurity risks and other mandates, as Agenda has reported.
Agenda – ISS Adds Cyber Risk to Company Scores