Not for release or distribution in the US.

Shareholders are increasingly seeking assurance that the companies they invest in are considering data and cyber security at board level, according to AMP Capital’s latest Corporate Governance Report.

The report argues that given the potential for significant reputational and financial implications of cyber security breaches the issue needs to be well-understood and prioritised. Cyber and data security can no longer be considered purely a technology issue and should be included in discussions between shareholders and company management and boards.

AMP Capital Corporate Governance Manager Karin Halliday said that the contribution technology makes to a company’s value is no longer driven purely by access to data but rather by how efficiently a company captures, manages, understands, leverages and protects that data.

“Understanding a company’s approach around cyber-attacks helps us understand their quality of governance, risk management and leadership. Well-governed companies are more likely to have a better understanding of the cyber risks and opportunities they face.

“How a company considers these factors may ultimately have the greatest impact on a company’s ability to generate superior long-term returns for shareholders,” said Ms Halliday.

AMP Capital’s environmental, social and governance (ESG) analysis first raised risks associated with breaches of data security as an issue in 2009 and has monitored the issue since then, noting the continuous increase in the investment implications of this risk. AMP Capital’s research highlighted that 90 per cent of breaches can be put down to the actions of people, with cyber and data threats coming from a wide range of internal, external and other factors such as staff carelessness (for example, losing a memory stick with confidential data on it), opening a dangerous email attachment and physical equipment failure.

The AMP Capital Corporate Governance Report lists seven reasons why data security matters more now than ever before. They include:

  • Technology is constantly changing and has an ever-widening reach.
  • There is greater emphasis on privacy of data.
  • Risks are relentlessly shifting and becoming more complex.
  • Ever-increasing numbers of records and inter-connectedness means a great number of people will be affected by breaches
  • It is impossible for companies to be prepared for all attacks.
  • News of breaches travels fast and has an instantaneous impact on reputation and demand for a company’s products or services.
  • The costs of prevention and remediation of data security breaches are rising.

Ms Halliday noted: “Looking beyond the financial statements and considering ESG factors such as data security can uncover the greatest drivers of company value and lead to better informed investment decisions and potentially higher returns.

“While specific sustainability drivers vary from industry to industry there is a clear correlation between how effectively a company manages ESG factors and financial returns.”

The report also analyses the ESG drivers of the banking sector and identifies a number of key investment themes at an industry and company level such as regulatory change, technological innovation and customer satisfaction. AMP Capital research shows that over periods of one, two and four years, major banks with better ESG ratings have outperformed the banks with poorer ESG ratings.

In addition, the latest Corporate Governance Report provides an update on the ASX Corporate Governance Council’s new rules on disclosure requirements on ESG risks and board skills matrix.

About the report:

AMP Capital takes its responsibilities as an investment manager, an agent of shareholders and steward of its clients’ assets seriously and twice-yearly releases an overview of proxy voting and engagement activity via the Corporate Governance Report.

During the 2014/15 financial year proxy season, AMP Capital submitted votes on 1609 resolutions at 298 company meetings. Of these resolutions, 10 per cent were not supported. A significant proportion of AMP Capital’s concerns relate to company pay structures and during this period 19 per cent (46/245) remuneration reports were not supported by AMP Capital.