Why you need to include cybersecurity in your investment thesis

According to the Australian Government’s Cyber Security Review, cybercrime is costing the nation up to $1 billion annually in direct costs alone. And the costs are rising. Clearly, it’s time for investors to factor the risk, and potential impact, of cyberattacks on the businesses they invest in.

This fact was highlighted at Citigroup’s recent annual Australian equity conference, which included a panel discussion on cybersecurity. The session highlighted the increasing risks a business faces from being hacked or in other ways attacked by electronic means.

There are quite a few ways that a business is at risk from cyberattacks and different ways that an attacker can hurt the future prospects for a business. To name a few that I think are especially important:

  1. There is a clear trend that criminals have changed their modus operandi during the last years away from stealing and selling information to instead hijacking information and encrypting it to blackmail companies to pay to unlock. This is a much easier, faster and less risky “business model” for attackers as you take away the step of having to find a buyer for the information you have stolen. The sums demanded for the release of the encrypted data can be very substantial and could put a real dent in a company’s profitability.
  2. The risk for industrial espionage is also increasing but this is according to the panel now much more targeted with the emergence of “hackers for hire” firms and certain countries state sponsored entities who attack a specific target with the intent of looking for specific information rather than hackers stealing information first and then trying to find a buyer.
  3. The strong trend to an exponentially increasing number of connected devices means that the number of potential entry points into a company’s computer system is multiplying rapidly. Given that many of these devices are relatively simple in nature, they might not always contain internal firewalls etc. and this is increasing the risk for attacks unless a company is very diligent in how they construct their systems.
  4. What is often forgotten when talking about cyberattacks is the reputational damage that it can cause which can be much more long-lasting than short term monetary damage. A company that has gotten the reputation of not being able to safely store and handle its customer’s information might find it very hard to recover. Yahoo is a prime example of this where its demise was most likely significantly sped up by a number of leaks of customers information.
  5. The risk that really opened up to me from the discussion was though the risk of increasing your security measures to the extent that they have a negative impact on a firm’s ability to conduct business. An example was give where a company had been the target of a number of “phishing attacks” where attackers attempted to gain information by faking email addresses. The rather drastic response from the company was to ban external emails which of course presented quite severe difficulties for employees whose job included contact with any external parties and the ban was very quickly reversed. Another example was from Singapore where a while ago some government departments IT systems were completely disconnected from Internet. This of course made it harder for attackers to hack into the IT systems directly but it also made life so hard for employees that they resorted to photographing their screens and sending these photos to people using their private emails from their phones. The private emails are of course not monitored and secured by the departments IT department so this instead increased the risk overall…

According to the panel, the amount a company should spend of cyber security varies widely between different industries but can be quite substantial for information based companies like finance where banks often spend more than 10 per cent of their total IT budget on security.

Going forward, I will incorporate into my analysis of companies an assessment of:

  1. How likely is it that a company will be a target? A company which invests heavily into R&D and which relies heavily on having a technological advantage is of higher risk than a company operating at a lower technological level, and companies whose business primarily involves handling information like a bank is of course much more exposed than a commodity company for example.
  2. What are the short-term and long-term consequences if a company has a serious cyberattack? Are these consequences primarily monetary, competitive or reputational?
  3. Is the company investing enough in cybersecurity?
  4. Does the company have good contingency plans in place to deal with a potential attack?

Our Funds

The Montgomery Fund

  • AUSTRALIA/NZ
  • Concentrated high conviction equities
  • From $25,000
Learn More

Montgomery Global Fund

  • GLOBAL
  • Concentrated high conviction equities
  • From $25,000
Learn More

Montgomery Alpha Plus Fund

  • GLOBAL
  • A market neutral strategy
  • From $50,000
Learn More

Montaka Global Access Fund

  • GLOBAL
  • Access long/short global equity portfolio
  • From $50,000
Learn More

Montgomery Global Equities Fund (ASX:MOGL)

  • GLOBAL
  • Concentrated high conviction equities
  • No minimum investment - see your broker limits
Learn More

Montgomery Small Companies Fund

  • AUSTRALIA/NZ
  • Concentrated high conviction equities
  • From $25,000
Learn More
Close

Our Funds

Concentrated High Conviction Equities

Listed

Montgomery Global Equities Fund (ASX:MOGL)

Global
Available on the ASX as an Exchange Traded Managed Fund, invests in 15 to 30 quality global businesses for long-term capital growth with a target distribution yield of 4.5% per annum. Mirrors the strategy of the Montgomery Global Fund.
Unlisted From $25,000

Montgomery Global Fund

Global
Invests in 15 to 30 quality global businesses for long-term capital growth. Priced daily. Mirrors the strategy of the Montgomery Global Equities Fund (ASX:MOGL).
Unlisted from $25,000

The Montgomery Fund

Australia/NZ
Aims to provide long-term growth and income by investing in 20 to 40 high-quality Australian and New Zealand businesses trading at attractive valuations. Priced daily.
New Fund

Montgomery Small Companies Fund

Australia/NZ
Aims to provide long-term growth by investing in 30 to 50 high quality, undervalued, Australian and NZ small and emerging companies with strong growth potential. Priced daily.
Unlisted from $1 Million

The Montgomery [Private] Fund

Australia/NZ
Seeks to deliver absolute returns from a portfolio of high-quality Australian and New Zealand businesses. Capital preservation is paramount. By invitation only.

Alternate Equity Strategies

Unlisted from $50,000

Montgomery Alpha Plus Fund

Global
Aims to generate positive returns in both rising and falling markets. Invests in 80 to 180 global businesses expected to deliver above-average returns, while selling short a similar-sized portfolio expected to deliver below-average returns. Priced daily.
Unlisted from $50,000

Montaka Global Access Fund

Global
Aims to generate materially higher risk-adjusted returns, net of fees, than is generally available in the equities market over the medium term. Priced monthly. Provides retail investors access to the Montaka Global Fund.
Unlisted From $1 Million

Montaka Global Fund

Global
Aims to generate materially higher risk-adjusted returns, net of fees, than is generally available in the equities market over the medium term. By invitation only.