Skip to main content

Cybersecurity Risk and ESG: Systemic Events Analysis

Posted on December 5, 2022

Liam Zerter
Liam Zerter
Quantitative Research Manager, Methodology & Product Architecture
Melissa Hudson
Melissa Hudson
Associate Director, Research Products

Black swans are unexpected events characterized by their extreme rarity, severe impact, and widespread insistence that they were obvious in hindsight.

The sudden changes caused by global crisis force companies to adapt and change how they do everyday business. With digitization becoming increasingly embedded in more aspects of companies’ operations, cybersecurity software is an essential infrastructure that needs to be developed alongside new processes. Essentially, it is complementary product to the activity of new and existing operations.

Recent and still persistent global crises, such as the COVID-19 pandemic or the Russian-Ukrainian war, can be seen as a catalyst for companies willing to restructure their everyday business processes.

The COVID-19 pandemic quickly created a demand for a new flexible way to work remotely, along with a higher demand for delivery services. As a result, the spending on identity management services and e-commerce platforms increased—according to the World Economic Forum—leading to an increased requirement for companies to monitor added access points for hackers as the IT landscape effectively expanded.

When looking at cybersecurity thematic funds, we found evidence of the increased need for monitoring cyberthreats. Based on this preliminary analysis, we created a cybersecurity model fund by combining four of the oldest cybersecurity thematic funds and comparing the performance against an IT benchmark. Then, we compared the performance during the Russian invasion of Ukraine, expecting a boosted demand for cybersecurity products to directly benefit cybersecurity companies' stock prices.

Within the first 15 days of the Russian-Ukrainian war—24 February to 11 March 2022—the cybersecurity fund increased by 5.1%, whereas the benchmark Technology exchanged-traded fund declined by -5.8%, a difference of 10.9%, as Exhibit 1 shows. 

This performance gap is strikingly similar to the COVID-19 pandemic rebound at the end of March 2020: a 15-day trading divergence greater than 10% has only occurred twice.

Exhibit 1: Price Action of Cybersecurity Funds - Russia-Ukrainian War Effect

Model Cybersecurity Fund consists of an equal weight investment in the Beta Shares Global Cybersecurity ETF, ETFMG Prime Cyber Security ETF, First Trust Nasdaq Cybersecurity ETF, and the L&G Cyber Security ETF.
Source: Morningstar Sustainalytics

From 8 February to 8 September 2022, our cybersecurity model fund is down only -13.9%, ahead of the sector benchmark, which is down -17.0%. This is a current outperformance of 3.1% against a benchmark that has consistently outperformed our cybersecurity model fund over the past five years. Following the Russian invasion of Ukraine, cyberwarfare is perceived as an imminent risk for the first time: A thought-provoking finding.

The Russian invasion scaled cyberthreats upward, pushing for increased security of vital infrastructure while underpinning the IT landscape expansion initiated by COVID-19.

Ultimately, some systemic events have the potential to compound on one another and exponentially increase environmental, social and governance (ESG) risk and financial cost. 

More and more, cyberthreats are perceived as a systemic ESG risk, as illustrated by both global systemic events, the COVID-19 pandemic, and the Russian invasion of Ukraine. As such, it is timely for companies to consider incorporating ESG countermeasures to mitigate the potential financial losses of cyberattacks.

For further insights, read our recently published paper The Impact of Cyberattacks on Stock Prices, where we highlight that companies with robust Data Privacy and Security policies are better prepared to mitigate financial losses. Furthermore, our blog Cybersecurity: A Growing ESG and Business Risk highlights the evolving trends and complexities of the cybersecurity landscape.

 

impact of cyberattacks on stock prices

 


Recent Content

European Union flag in the wind

EU Corporate Climate Disclosures: An Evaluation of Completeness and Quality

In this article, we evaluate European issuers’ preparedness to manage the shift toward a low-carbon economy using data from Morningstar Sustainalytics’ Low Carbon Transition Rating.

DEI Rollbacks Impact on ESG Risk Ratings and Broader Implications for Investors

DEI Rollbacks: Impact on ESG Risk Ratings and Broader Implications for Investors

This article covers how not all reported rollbacks in diversity, equity, and inclusion (DEI) initiatives will have the same impact. Due to the relatively low weight of DEI in Sustainalytics’ ESG Risk Rating, we do not anticipate significant changes to overall ratings.

Close up of a bee on the petals of a bright yellow flower

Addressing the Drivers of Biodiversity Loss: Key Solutions for Companies and Investors

In this article, we highlight key focus areas for companies and institutional investors to prioritize to meaningfully address biodiversity loss.

Industrial Scale Decarbonization in the EU Stewardship Field Notes from Germany, France and Spain

Industrial-Scale Decarbonization in the EU: Stewardship Field Notes From Germany, France and Spain

This article covers how Morningstar Sustainalytics’ Stewardship Team embarked on a field trip in November 2024 to learn how EU industry leaders are navigating the complex challenges of the energy transition.