Cybersecurity Risk & Resilience: Guidance for Investors
Railpen and Royal London Asset Management's joint report on growing cybersecurity risks in investment portfolios.
The report, Cybersecurity Risk & Resilience: Guidance for Investors, provides an evidence-based perspective on the financial materiality and threat landscape of cybersecurity risk, as well as up-to-date practical guidance for both asset owners and asset managers on how to engage with portfolio companies on the issue.
It seeks to answer three key questions:
- Why should investors care about cybersecurity?
- What should investors expect of portfolio companies?
- What can investors do?
Based on the evidence presented in the report, Railpen and Royal London Asset Management together are calling on investors to take the following steps to address cybersecurity risks:
- Recognise the financial materiality of cybersecurity to their portfolios
- Use the expectations and framework outlined in the report as a tool to assess portfolio companies’ baseline approach to cybersecurity and measure their progress towards best practice
- Identify and engage with companies that face high-risk exposure, using sector-specific vulnerabilities as a lens for screening and the report’s recommended questions to initiate dialogue
- Participate in policy advocacy on cybersecurity, as a supportive regulatory environment will enable improved alignment between company disclosures and investors’ expectations
Related articles
25 Mar 2026
Gender Pay Gap Reporting 2025
Our colleagues are fundamental to our purpose to secure our members’ future.
18 Mar 2026
Investment Stewardship for Systems Change
This report sets out Railpen’s refined approach to systems stewardship for 2026-2030, including o...
11 Dec 2025
Systemic Stewardship: The financially material imperative
Railpen's report 'Embedding Systems Thinking and Stewardship into Practice' with Sinclair Capital...