On top of cybersecurity’s critical role in protecting systems, networks, programs and data, it is equally important to investors, who typically examine data protection and information security policies to assess a firm’s cybersecurity risks. While cybersecurity has mainly been viewed as a technology issue, it is now also regarded as a key environmental, social and governance (ESG) concern, falling under the “Social” pillar.
ESG frameworks are a tangible means of evaluating corporate behavior; by incorporating cybersecurity, a new dimension is added, giving insight into cyber behaviors and risks which form a critical part of the bigger ESG picture. J.P. Morgan Global Research takes a closer look at the current cyber risks and why cybersecurity is fast becoming a core consideration in ESG frameworks.
Why is cybersecurity now important to a broader demographic?
2020 was a challenging year for global organizations, with the adjusted average total cost of a data breach reaching $4 million per company. This was compounded by remote workforces, increasing the average total cost of a data breach by nearly $137,000. In a booming digital economy, cybersecurity is no longer just a software industry concern. It is becoming a major topic for company management, global investors and players from all industries with exposure to cyber technology and customers’ private information. A far broader demographic is becoming increasingly concerned with cybersecurity’s social impact as well as technological implications.
Cybersecurity: A key metric under the social pillar
Cybersecurity has gained wider attention as the global workforce has pivoted to working from home and as data breaches have occurred at companies in various industries. Companies can be fined and/or suffer reputational damage if they do not adequately protect their information networks. The sectors most relevant to this theme are Information Technology, Consumer Discretionary, Financials, and Communications Services. It could also have a material impact on industries which have conventionally allocated lower budgets to cybersecurity issues.
Increasing data security regulations: Reshaping corporate behavior
Additional data security regulations have been introduced globally to enhance the protection of personal information, reshaping corporate behavior towards data usage and security. In May 2018, the General Data Privacy Regulation in Europe (EU GDPR) was introduced and in June 2018, the California Consumer Privacy Act (CCPA) was passed. Growing compliance requirements will likely drive corporate spending higher and may lead to financial losses if companies commit misconduct.
Cybersecurity industry growth
As cybersecurity becomes a broader concern, the industry is growing. Core security spending reached $68 billion in 2020, consisting of major spending in:
- Infrastructure protection
- Network security equipment
- Integrated risk management
- Application security
Security services spending reached $64 billion in 2020. The fastest-growing segment was cloud security, with further increased demand expected in a post-COVID world. Global revenue for the security software segment is expected to see consistent growth.
Looking at cybersecurity through a global lens, the U.S. led the way, accounting for ~65% of the global market. This was followed by Asia, accounting for 27%.
Global cybersecurity: Why is it a worldwide social concern?
Cybersecurity is becoming a worldwide social concern, with growing interest from around the globe. Taking a global view is important: information regarding a firm’s cybersecurity risks is incomplete without factoring in geographical and geopolitical data. Foreign territories can initiate cyberattacks on organizations and these risks are not captured in conventional analysis.
[Figure: 10 high-risk regions based on the Next Peak Geo Cyber Risk Index]
Reasons behind these scores differ. According to Next Peak, China has a strong national cyber strategy, an established cyber emergency response team and a sophisticated internet content management system. However, China topped the Next Peak index for state cyber threat risk, driven by alleged hacking activities, weak cybercrime laws and poor intellectual property protections. India experiences high cybercrime risk despite a low percentage of the population having internet access, driven by the high number of malicious IP addresses registered there, according to Next Peak. Frequent nationwide internet shutdowns contributed to a high dissident cyber risk.
On the other hand, the U.S. has high cyber capabilities, as the government has invested significant resources in them. However, the U.S. remains a prime target for cybercrime, contributing to its relatively low Geo Cyber risk score, based on Next Peak’s analysis.
All contents, sources and opinions from this section are solely provided and contributed by Next Peak.
Cybersecurity matters as an ESG concern
The MSCI ACWI IMI Global Cyber Security Index aims to represent companies that could potentially benefit from increased investment in systems, products and services that provide protection against cyberattacks. While the index underperformed the Information Technology Index, it outperformed the broad market.
There are clearly considerable factors at play which are making cybersecurity an interesting prospect for businesses, investors and the general public. Considering cybersecurity as an ESG metric is still a relatively new stance but all evidence points to continued interest across the board. The future of cybersecurity as an ESG concern looks set to expand: it is fast becoming so much more than a technology issue.
Originally published at: J.P. Morgan