Cybersecurity Risk & Resilience: Guidance for Investors

Railpen and Royal London Asset Management's joint report on growing cybersecurity risks in investment portfolios.

Caroline Escott , Sophie Harris / 8 January 2025

The report, Cybersecurity Risk & Resilience: Guidance for Investors, provides an evidence-based perspective on the financial materiality and threat landscape of cybersecurity risk, as well as up-to-date practical guidance for both asset owners and asset managers on how to engage with portfolio companies on the issue.

It seeks to answer three key questions:

Why should investors care about cybersecurity?
What should investors expect of portfolio companies?
What can investors do?

Based on the evidence presented in the report, Railpen and Royal London Asset Management together are calling on investors to take the following steps to address cybersecurity risks:

Recognise the financial materiality of cybersecurity to their portfolios
Use the expectations and framework outlined in the report as a tool to assess portfolio companies’ baseline approach to cybersecurity and measure their progress towards best practice
Identify and engage with companies that face high-risk exposure, using sector-specific vulnerabilities as a lens for screening and the report’s recommended questions to initiate dialogue
Participate in policy advocacy on cybersecurity, as a supportive regulatory environment will enable improved alignment between company disclosures and investors’ expectations