As corporate America continues to grapple with the mounting cyber threat, a new survey reveals investors want more information about security practices and may even shun stocks of companies with a poor cyber track record.
The survey, conducted by Zogby Analytics and released by HBGary, raises difficult questions facing C-Suites as regulators push for greater cyber transparency, while CEOs are leery of generating negative PR.
According to the survey of 405 U.S. investors, more than 70% of investors are interested in reviewing public company cyber security practices and almost 80% would likely not consider investing in a company with a history of attacks.
Interestingly, respondents indicated they were twice as worried about a company having a breach of customer data (57%) than theft of intellectual property (29%).
“Consumer data breaches grab the headlines and the large liability settlements. But the lack of concern for IP theft, underscores the need for broader education about the financial risk IP theft poses to a company," Jim Butterworth, HBGary chief security officer, said in the report. "The pilfering of American company trade secrets and other sensitive data is happening every day – costing our corporations billions of dollars in lost revenue."
The survey comes amid a rise in attention on cyber security, triggered in part by a long slew of high-profile attack disclosures, including ones by the Federal Reserve, The New York Times (NYT), Apple (AAPL), Facebook (FB), Twitter and large banks like Wells Fargo (WFC).
Lawmakers in Congress are still trying to pass a comprehensive cyber security bill and last month the White House unveiled a new executive order aimed at addressing this complex issue.
It appears investors are paying attention.
According to the HBGary report, more than 66% of investors surveyed said they are likely to research whether a company has been fined or sanctioned for prior cyber incidents.
The survey, which carries a margin of error of plus or minus five percentage points, also revealed that 66% of investors feel that corporate responses to attacks are more noteworthy than the actual attacks.
Last week Citigroup (C) touched on cyber security in its annual 10-K filing, acknowledging “limited losses” and increased security expenditures from cyber attacks. The bank warned that attacks “could occur more frequently and on a more significant scale” in the future.
Goldman Sachs (GS) also mentioned cyber security in its annual filing on Friday, saying it has “developed and implemented a framework of principles, policies and technology to protect the information provided to us by our clients and that of the firm from cyber attacks.”