{{r.fundCode}} {{r.fundName}} {{r.series}} {{r.assetClass}}

Welcome to the new RBC iShares digital experience.

Find all things ETFs here: investment strategies, products, insights and more.

This article is part of a new series based on the results of the 2019 RBC Global Asset Management Responsible Investment Survey. The survey, entitled ‘Responsible Investing: An Evolving Landscape,’ revealed meaningful insights on the considerations of environmental, social and governance (ESG) factors by global institutional investors.

Almost two-thirds of the world’s institutional investors are concerned about the impact of cyber security threats on their investments, making it investors’ foremost environmental, social and governance (ESG) risk, according to the 2019 RBC Global Asset Management Responsible Investment Survey.

Of the nearly 800 investors surveyed in the United States, Canada, Europe and Asia, 67% reported concerns about cyber security. Anti-corruption was the second most prevalent concern, followed by water.

Cyber threats weighed heaviest on U.S. investors, at 71% of respondents. In Canada, 65% of investors cited cyber security as a concern, on par with a number of other ESG risks including climate change and executive compensation but slightly trailing anti-corruption. 

In Europe and the UK, 59% of investors expressed concern about cyber security, the lowest of any region. Still, this put cyber security higher than any concerns in the region except climate change (88%) and water (84%). 

Cyber attacks can affect the interests of all stakeholders, disrupting a company’s operations, affecting how its employees work and inflicting brand damage that can severely jeopardize customer loyalty and trust.

Clearly, investors are awakening to the profound, business-wide risk created by cyber security vulnerabilities.

Investment risks in cyberspace

The Equifax breach in 2017 remains the prime example of just how much damage cyber attacks can cause. Hackers stole the personal information of 147 million Americans, costing up to US$700 million1 and causing Equifax’s share price to drop 30% in a matter of days.2

While that breach was unique in its scale, cyber attacks have become remarkably common. In Canada, for example, about 87% of businesses reported falling victim to a breach in 20173 — and almost half of those companies lost sensitive data. That same year, the WannaCry ransomware attack badly disrupted the UK’s health system and Germany’s rail system.

Cyber attacks can affect the interests of all stakeholders, disrupting a company’s operations, affecting how its employees work and inflicting brand damage that can severely jeopardize customer loyalty and trust. A breach can also impact sensitive information related to clients, contractors and suppliers. And as tighter regulations are put in place, companies may be exposed to legal liability – making cyber security a key corporate governance concern for investors.

The threat of cyber attacks is so severe that the World Economic Forum in 2018 declared cyber security the top business risk in Europe, North America, and East Asia and the Pacific.

Achieving privacy and security

Investors are responding by applying increased scrutiny to companies’ data privacy and security controls, and by asking for information on a wide range of cyber topics, from corporate preparedness to risk management and board-level cyber governance. 

Obtaining this information and comparing metrics across companies remains difficult, as there are no universally accepted cyber-risk metrics. Investors need to take an evolving approach by continuously monitoring companies and engaging with them on governance practices. 

RBC Global Asset Management (RBC GAM) has in recent years engaged with a number of boards on oversight of their cyber- and privacy-risk management. Our investment teams work with the RBC GAM Corporate Governance and Responsible Investment (CGRI) team to understand and assess issues related to cybersecurity and privacy, as well as other ESG concerns.

Last year, our CGRI team led a successful engagement with a FTSE 100 company as part of a collaborative initiative coordinated by the United Nations’ Principles for Responsible Investment (PRI) network. The CGRI team first engaged with the company’s board, requesting further disclosure and clarification of its policies and strategies as well as board and management oversight of cyber risks. After reviewing the outcomes of the engagement, the team then engaged directly with the company’s Chief Technology Officer to determine:

  1. whether or not cyber security skills were formally sought after at the board level,
  2. the type of cyber-related information and data presented to the board,
  3. and the scope of operations covered by its cyber security policy.

Launched in the second half of 2017, the PRI initiative enabled over 50 institutional investors to collectively engage with companies across sectors. The primary goals were to build investors’ knowledge of how their portfolio companies were positioned to manage cyber risk, to establish investor expectations on what companies should disclose, and to improve the amount and quality of those disclosures. 

The takeaway from that engagement, and from the RBC GAM Responsible Investment Survey: Companies that continually seek to address the growing threat of cyber attacks, and that work to effectively convey those efforts to investors, will be rewarded in a market increasingly attuned to cyber security and privacy. 

Learn more about how cyber security affects the interests of all stakeholders.

1. Equifax data breach settlement. Federal Trade Commission. September 2018. https://www.ftc.gov/enforcement/cases-proceedings/refunds/equifax-data-breach-settlement
2. Equifax shares plunge again -- 35% in past week. CNN Business. September 14, 2017. https://money.cnn.com/2017/09/14/investing/equifax-stock/index.html
3. Regional risks for doing business. World Economic Forum. 2018. http://www3.weforum.org/docs/WEF_Regional_Risks_Doing_Business_report_2018.pdf

Disclosure

This document is provided by RBC Global Asset Management (RBC GAM) for informational purposes only and may not be reproduced, distributed or published without the written consent of RBC GAM or its affiliated entities listed herein. This document does not constitute an offer or a solicitation to buy or to sell any security, product or service in any jurisdiction. This document is not available for distribution to people in jurisdictions where such distribution would be prohibited.

RBC GAM is the asset management division of Royal Bank of Canada (RBC) which includes RBC Global Asset Management Inc., RBC Global Asset Management (U.S.) Inc., RBC Global Asset Management (UK) Limited, RBC Global Asset Management (Asia) Limited, and BlueBay Asset Management LLP, which are separate, but affiliated subsidiaries of RBC.

In Canada, this document is provided by RBC Global Asset Management Inc. (including PH&N Institutional) which is regulated by each provincial and territorial securities commission with which it is registered. In the United States, this document is provided by RBC Global Asset Management (U.S.) Inc., a federally registered investment adviser. In Europe this document is provided by RBC Global Asset Management (UK) Limited, which is authorised and regulated by the UK Financial Conduct Authority. In Asia, this document is provided by RBC Global Asset Management (Asia) Limited, which is registered with the Securities and Futures Commission (SFC) in Hong Kong.

This document has not been reviewed by, and is not registered with any securities or other regulatory authority, and may, where appropriate, be distributed by the above-listed entities in their respective jurisdictions. Additional information about RBC GAM may be found at www.rbcgam.com.

This document is not intended to provide legal, accounting, tax, investment, financial or other advice and such information should not be relied upon for providing such advice. RBC GAM takes reasonable steps to provide up-to-date, accurate and reliable information, and believes the information to be so when printed. RBC GAM reserves the right at any time and without notice to change, amend or cease publication of the information.

Any investment and economic outlook information contained in this document has been compiled by RBC GAM from various sources. Information obtained from third parties is believed to be reliable, but no representation or warranty, express or implied, is made by RBC GAM, its affiliates or any other person as to its accuracy, completeness or correctness. RBC GAM and its affiliates assume no responsibility for any errors or omissions.

Past performance is not indicative of future results. With all investments there is a risk of loss of all or a portion of the amount invested. Where return estimates are shown, these are provided for illustrative purposes only and should not be construed as a prediction of returns; actual returns may be higher or lower than those shown and may vary substantially, especially over shorter time periods. It is not possible to invest directly in an index.

Some of the statements contained in this document may be considered forward-looking statements which provide current expectations or forecasts of future results or events. Forward-looking statements are not guarantees of future performance or events and involve risks and uncertainties. Do not place undue reliance on these statements because actual results or events may differ materially from those described in such forward-looking statements as a result of various factors. Before making any investment decisions, we encourage you to consider all relevant factors carefully.

® / TM Trademark(s) of Royal Bank of Canada. Used under licence.
© RBC Global Asset Management Inc., 2020