Investors care about cybersecurity
According to a survey of 405 U.S. investors, “more than 70% of investors are interested in reviewing public company cyber security practices and almost 80% would likely not consider investing in a company with a history of attacks.”
I don’t believe the situation is different anywhere else in the world – investors want to know that the companies they’re investing in have taken appropriate precautions against the wide range of possible cyber attacks. Investors know that organisations that are prone to cyberattack are exposed to data loss, fraud, reputation damage, legal and regulatory action, fines, weakening of competitive position and so on. More than that, weak cyber security is also often indicative of a management that doesn’t properly understand technology, and that may not have appropriate technology or IT governance controls in place either – cyber risk, in other words, may often be a proxy for a broader set of IT-related risks.