Swiss Re, the world’s second largest reinsurer, has called for companies to release ‘cyber resilience’ reports, saying there needs to be more transparency into how prepared they are to defend against attacks. The company indicates that in the wake of COVID‑19, there will be greater pressure on companies to demonstrate how resilient they are in the face of increasing risks.
Swiss Re rightly calls attention to the need for greater transparency from companies on cyber risk — something Cyberhedge draws attention to through our indices and in each one of our product offerings. It specifically calls attention to a dearth of information in existing company reporting on cyber risks and the absence of any standards. This is also one reason why a standard on cyber risk disclosure in financial terms is needed.
The Cyberhedge Cyber Governance indices prove that cyber governance impacts shareholder value. YTD performance of 5-Star and 1-Star companies in these indices since the lockdown confirm that the management of technology, including cyber risk, now has even greater bearing on market performance as top companies across all sectors outperform while poorly rated 1-Stars dramatically underperform. This dynamic of market outperformance of the highest rated companies has been consistently shown by the Cyberhedge Cyber Governance indices since their launch in December 2016. Beazley data on the rise of ransomware attacks underscore why an increasing premium is placed on technology risk management. Cyber is the most important governance issue today and the last significant financial risk that is not managed like one.
To Swiss Re’s point about the need for ‘cyber resilience’ reports, we already know what resilience and a lack of resilience look like on a standardized basis, at scale. The accuracy of Cyberhedge ratings validated by the market in the form of the Cyber Governance indices proves it. Investors and companies would be better off if they did too.