By Steffen Müller

The US companies’ disclosures of cyber risks rarely provide differentiated or actionable information, PwC US warned in a joint report issued in collaboration with the Investor Responsibility Research Center Institute (IRRCi).

The report, What investors need to know about cybersecurity: How to evaluate the investment, encourages investors to demand better and more actionable disclosure on the companies’ cybersecurity policy across all industry sectors.

"The reality today is that virtually every company is reliant on information and technology, so not one company or sector is left out," IRRCi executive director Jon Lukomnik said.

According to the report, the topic of cybersecurity "has moved from the back office to the corporate board room," since poor cybersecurity can lead, amongst others, to lost revenue, compromised intellectual property or increases in costs.

However, the steps the boards take to address potential cyber risks tend to be hesitant and often lack disclosure and transparency for investors struggling to evaluate investment risk, the report read.

How well do you really know your competitors?

Access the most comprehensive Company Profiles on the market, powered by GlobalData. Save hours of research. Gain competitive edge.

Company Profile – free sample

Thank you!

Your download email will arrive shortly

Not ready to buy yet? Download a free sample

We are confident about the unique quality of our Company Profiles. However, we want you to make the most beneficial decision for your business, so we offer a free sample that you can download by submitting the below form

By GlobalData

Tick here to opt out of curated industry news, reports, and event updates from International Accounting Bulletin.

Visit our Privacy Policy for more information about our services, how we may use, process and share your personal data, including information of your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.

"Even when boards do act, investors often feel in the dark on cybersecurity," Lukomnik said and continued: "First, it’s dynamic and highly technical. Second, companies can be reluctant to disclose details on threats because they are concerned about providing hackers with a roadmap to vulnerabilities."

PwC investor resource institute leader Kayla Gillan said that the investors should "begin to navigate critical cybersecurity issues, with a focus on sector-specific portfolio risk." The report suggests therefore that investors should question if there is a strong expertise in cybersecurity on the senior level of the company and if the company has response plans for cyber incidents.

According to the joint report, cyber-attacks affecting industry sectors happen for different reasons. While the financial services and the retail sectors become victim mostly out of financial gain and greed, attacks on the energy, the aerospace & defence and the government sector are often political motivated.

Related links:

PwC US

Report: What investors need to know about cybersecurity: How to evaluate the investment?