Corporate Cybersecurity Engagement – A Practical Guide for Investors

nomura and bitsight
Written by Nicole Matusek
Invesement Management Partnerships Director

Bitsight's leading analytics and workflows allow Nomura Asset Management to effectively reduce cyber risk across credit portfolios through targeted engagement.

The increasing frequency and complexity of cyber attacks makes one thing clear - cyber risk is inextricably linked to business performance. This has prompted investors to prioritize cyber risk assessments within their portfolios. Investors now are engaging directly with companies to protect investments and optimize returns, recognizing cybersecurity as a critical component of corporate governance and risk management.

Recent trends such as the SEC disclosure regulation further underscores the importance of a transparent and comprehensive cyber risk program. Investors are demanding objective, quantifiable, and forward-looking insights into companies’ cybersecurity practices..

With Bitsight’s leading cyber analytics and intuitive workflows, investors can proactively engage with companies to tangibly reduce cybersecurity risk across their portfolio, fostering resilience and maximizing risk-adjusted returns.

Why Engage: Implications of cybersecurity performance for investors

  • Cybersecurity is a key data-driven indicator of effective governance and downside risk protection
  • Poor cybersecurity can have a negative impact on share price, stock volatility, probability of credit default and market share

Where to Engage: Asset classes best suited for cyber engagement

  • Credit Investors Effective management of cybersecurity, as a downside risk factor, is aligned to investors’ risk priorities

How to Assess: Develop a systematic, data-driven approach

  • Step 1: Determine which sectors and regions are most exposed to cybersecurity risks
  • Step 2: Determine which issuers exhibit above or below-average cybersecurity performance relative to their peer group
  • Step 3: Leverage data driven, correlative cyber performance analytics that are observable at scale and engage with these outliers
Combine issuer-level cybersecurity performance with sector-level cyber risk materiality to prioritize at-risk corporates for cybersecurity engagement

Combine issuer-level cybersecurity performance with sector-level cyber risk materiality to prioritize at-risk corporates for cybersecurity engagement.

How to Engage: Practical cyber risk considerations for debt investors

  • Understand your role is to drive effective cyber-risk oversight to maximize risk-adjusted returns, not to act as a cybersecurity expert
  • Focus on delivering specific and actionable feedback on the most material risk factors
  • Adopt a collaborative approach to foster trust with the issuer and drive measurable improvement in cybersecurity posture
  • Give relative feedback by presenting assessment data and measuring results versus anonymized peers

 

Proven Results

Nomura-logo-black

Case Study

Nomura Asset Management partnered with Bitsight to evaluate cybersecurity management practices in the multinational development bank (MNDB) market, aiming to assess relative ransomware risk and cyber governance quality. The analysis revealed a generally intermediate-to-advanced cybersecurity performance across MNDB issuers, but highlighted concerning outliers, particularly those with high-risk ratings correlating with significantly elevated ransomware incident risks. NAM addressed these risks by engaging with high-risk issuers, integrating cybersecurity into their governance framework, and initiating discussions with their CISOs. One such engagement led to the implementation of new cybersecurity policies and risk remediation efforts by an issuer.

After three months, NAM was able to independently confirm through the Bitsight platform the quantitative improvement in all measures of the issuer’s cybersecurity practices, resulting in notable reductions in related cyber incident risk. These findings show how real-time performance data and analytics enable data-driven research for cybersecurity engagement that results in quantifiable cybersecurity impact at portfolio companies.

Engagement Impact Analysis for MNDB

There’s never been a more important time for investors to engage with organizations on cybersecurity. With Bitsight, investors gain access to real-time, quantitative data to help improve their engagements, measurably reduce risk, and achieve positive outcomes - as Nomura Asset Management has done.

 

Read the Full Report Here:

Part 1 -> | Part 2 ->