LGIM believes companies should protect their digital infrastructure in 3 key ways:
-
First, by identifying and monitoring information assets as a strategic issue.
-
Second, to attain documented evidence that these risks are being managed by conducting audits.
-
Third, for cyber awareness to be embedded in the culture of the company.
David Patt, Senior Analyst, Corporate Governance and Public Policy at LGIM, said:
“From an investor perspective we believe a focus of governance is the protection of the assets we are investing in – both physical and human.
“Cyber security is a significant risk to our investee companies. It is incumbent of us to discuss how company boards are managing cyber security and their digital infrastructure throughout the corporate year. We are concerned that many responses we receive to this major corporate risk are insufficient. Boards need to be more aware of their operational environment and emerging threats to their business. Simply put, it can affect a company’s value.
“Although it may be impossible to completely eliminate this risk, a company which understands how cyber security is linked to the business strategy will be able to make more informed decisions, manage problems better and ultimately provide more disclosure.
“The Government and a few major investors such as ourselves are more engaged than we have ever been. Now is the time though for even greater collective and consistent action to help companies – a compulsory rigorous external cyber audit must now have its time.
“This is a key strategic issue and a board responsibility. It is not just the domain of the I.T. department – we all have to be the I.T. guy”.
|
