Skip to Main Content
close Close

Investors need to consider cyber risk, new report warns

Published: 06 November 2019

A new report released today outlines that cyber security is a clear financial risk facing pension schemes’ assets.

  • Mark Fawcett, Nest’s CIO: “The worst thing investors can do is bury their heads in the sand”
  • Richard Williams, Railpen’s CIO: “Trustees need to acknowledge that it is not a matter of ‘if’ but ‘when’ their investee companies will face a serious cyber security breach”

The report, jointly published by Nest and RPMI Railpen (Railpen), analyses the fallout from cyber-attacks and how the two pension schemes are approaching the topic. This includes details of high-profile cyber-attacks on businesses over the past decade and recommendations on how pension schemes can lower the cyber-attack risk in their portfolios. 

While there is guidance for trustees on repelling cyber security risk in relation to the pension scheme itself, there is no equivalent advice for trustees on how to incorporate cyber security risk into their investment and stewardship processes.

Mark Fawcett, Nest’s Chief Investment Officer, believes there is more investors can do:

“The worst thing people can do is bury their heads in the sand. Cyber-attacks can seriously undermine the performance of a company, making what would seem an ideal investment opportunity turn into a costly mistake. 

“Pension funds should check if the businesses they invest in take the threat of cyber-attacks seriously to help protect their members’ investments.

“The financial impact and importance of cyber-attacks can no longer be denied and needs to be considered in any responsible investment strategy. Companies cannot stop attacks from occurring, but preparedness and operational resilience is key.”

Richard Williams, CIO, RPMI Railpen added:

“Trustees need to acknowledge that it is not a matter of ‘if’ but ‘when’ their investee companies will face a serious cyber security breach. 

“Today’s publication provides a toolkit for pension scheme trustees. Companies should be ready for questions from investors, and pension funds need to start raising the topic with their managers.”

The threat posed by cyber-attacks looks only set to increase:

  • The World Economic Forum placed cyber-attacks and data fraud or theft in the top 10 global risks for 2019.
  • A report this year by E&Y found that 54% of Fortune 100 companies included cyber security as an area of expertise sought on the board or cited in a director biography, up from 40% last year.

While by 2020 analysts expect spending on cyber security to rise to $125 billion, the latest forecast puts the expected cost of cyber-attacks to reach $90 trillion by 2030. 

Ends.

Notes for Editors

The report released today on cyber-attacks is titled: Why UK pension funds should consider cyber and data security in their investment approach. A copy of the report can be found here.

Included within the report are recent high-profile examples of companies which have been cyber-attacked and the resulting financial impact this caused, to them and their customers:

  • British Airways, Sept 2018: 380,000 customer bank details hacked, resulting in a $229m fine with a possible £500m lawsuit on top           
  • Facebook, March 2018: 87 million Facebook users data hacked, $5bn fine and $119bn (20%) fall in market value
  • Yahoo, 2013-14: 500 customers had personal data stolen – names, email, DOB, phone numbers, passwords, security questions, leading to around $350 million fall in value

About Nest

Nest was set up by government to help deliver auto enrolment and ensure every employer has a pension scheme available for their eligible workers. It is now the largest pension scheme in the UK with more than 8 million members, looking after £8.5 billion worth of assets on their behalf. 
Forecasts put Nest as having £20 billion assets under management by 2022 and by the late 2020s, one third of the working population is expected to have a Nest pension pot.

Nest is a not-for-profit pension scheme which is committed to helping millions of people, and particularly those on low income, enjoy a better retirement. It offers savers an award-winning investment strategy through a diversified portfolio and is a committed responsible investor.

About RPMI Railpen

RPMI Railpen acts as the investment manager of the railways pension schemes and is responsible for the management of around £30bn. Follow RPMI on Twitter @RPMIpensions.