Cybersecurity and Proxy Season: What Business Executives and Risk Leaders Need to Know

Written by Nicole Matusek
Investment Management Partnerships Director

If you’re a business executive or a risk leader, you’re likely familiar with “proxy season,” the time of year when public companies hold their annual general meetings. During these meetings, investors have the opportunity to vote on important issues such as the election of board members and executive compensation. 

But did you know that cybersecurity is becoming a critical issue to investors? 

High-profile cyber attacks continue to dominate the news, making cyber risk a top concern—not only for corporate executives but also for the investor community.

For public companies, poor cyber risk mitigation is a governance issue with a significant potential impact on operations and financial performance, including loss of reputation and customer confidence. As a result, investors are concerned about the cybersecurity posture of the companies in which they invest because it can lead to a decline in share price, loss of competitiveness, and reduced valuation.

Investors want information from companies about cyber risk. They want to understand that companies are taking this risk seriously and putting the right controls in place to reduce the risk of an incident. More and more, they’re demanding that companies disclose information about their cybersecurity risks and incidents in their financial filings. New regulations being considered by the Securities and Exchange Commission (SEC) will ensure that companies provide more information to investors on these issues.

How are investors using data to understand cyber risk? 

Investors are leveraging Bitsight’s data analytics to better understand the risks of their investments. 

Bitsight partners with Glass Lewis & Co. (Glass Lewis), a proxy advisory service provider. Glass Lewis provides research, analysis, and voting recommendations to institutional investors for the purpose of making informed decisions on proxy voting. Over 1,300 clients—including most of the world’s largest pension plans, mutual funds, and asset managers who collectively manage over $40 trillion in assets—use Glass Lewis’s research and technology solutions to inform and facilitate their corporate governance activities. Glass Lewis reports and data are often shared with senior management and board members.

Glass Lewis plays a critical role in facilitating integral corporate governance and capital markets functions. Investors leverage proxy reports for the necessary data, research, and insights to make educated voting decisions that most accurately express their own business priorities and investment philosophies. On the other side of the table, business leaders and boards look to firms like Glass Lewis to understand and implement corporate governance best practices important to their investors, whom they rely on for vital equity capital.

Glass Lewis’ proxy reports include critical cybersecurity information from Bitsight—Security Ratings, data, and insights—to help investors better understand how cybersecurity issues may affect their investments. Bitsight’s data analytics supply Glass Lewis clients with data-driven, evidence-based cybersecurity intelligence. In turn, this information provides new visibility into a dimension of company governance and risk management.

According to Glass Lewis Chief Commercial Officer Dan Concannon, “The Bitsight Security Rating and insights allow our clients to identify cyber risk exposure, potentially minimizing both reputational risk and long-term financial losses. We are excited to include the industry’s most respected and widely leveraged Security Rating in our Proxy Paper research reports allowing our clients to incorporate another potential risk factor into their analysis and decision-making.”

How can business executives and risk leaders create trust with investors on cybersecurity?

Given the increased focus by investors on cyber risks, business executives and risk leaders need to take proactive measures to protect their organizations and provide assurance to investors that they are implementing effective cyber risk management programs. 

Leaders should ensure they understand how investors are evaluating their organization’s performance. Bitsight suggests leaders take the following steps:

  • Know your rating and/or speak with an expert on Bitsight’s methodology
  • Understand the Bitsight Executive Report that appears in Glass Lewis proxy reporting 
  • Understand how investors are leveraging this information in their voting and decision-making processes
  • Engage with Bitsight to develop a self-published rating, if needed 

Leaders should also consider broader transparency initiatives around their programs. As demands and expectations increase, cybersecurity leaders are realizing that they must be more transparent about their cybersecurity programs to create trust. Effectively communicating cybersecurity risk and performance initiatives to investors helps to create greater trust and confidence. 

Equifax offers a strong example of a public cybersecurity trust initiative. Equifax suffered a significant and widely publicized breach in 2017 and has dramatically turned around its cybersecurity program in the past six years. Jamil Farshchi, Chief Information Security Officer at Equifax, is leading a critical corporate initiative to proactively disclose information regarding his company’s cybersecurity performance to the marketplace. For the last three years, Equifax has published a “Security Annual Report,” a document highlighting its cybersecurity program accomplishments and sharing information with the marketplace so that stakeholders—and the public alike—can better understand the company’s efforts. Last year, Jamil Farshchi joined Bitsight and Glass Lewis in a webinar about the program and the steps they are taking to provide transparency to the market. Glass Lewis described its efforts as “quite unique and remarkable.”

If you are interested in learning more about the steps that you can take to increase investor trust and confidence in your cybersecurity program or Bitsight’s partnership with Glass Lewis, please reach out to a Bitsight representative or visit the Bitsight-Glass Lewis Partnership website.