australiaen
Robeco involves cyber expert in its investment process

Robeco involves cyber expert in its investment process

10-07-2018 | Insight

Robeco has involved a cyber expert in its investment process for the past year. This white hat hacker is investigating the degree to which companies Robeco invests in might appeal to hackers and which business units are at risk.

The expert also develops strategies for the fund house which it can go through with companies that are vulnerable to cybercrime. These engagement activities are an effort by the firm to improve the cybersecurity of the companies in which it invests.

This was revealed this morning at a Robeco trend event in Rotterdam, where fund managers Henk Grootveld, Jack Neele and Jeroen van Oerle, as well as trend analyst Vera Krückel, explained to journalists which of the current trends they consider most important: fintech, e-Sports and cybersecurity.

Warning

The cyber expert has warned Robeco on at least one occasion of an ‘open’ development department at a financial company, according to Jeroen van Oerle, Robeco Fintech fund manager. “So I discussed it with the company. As it turned out, it had been done deliberately. What's more, the department was completely disconnected from the rest of the company, so the situation posed no risk to the other departments.”

Despite being a false alarm, the discovery has actually been highly valuable for Robeco, as have other findings reported by the white hat. Van Oerle: “It has led to discussions with companies that we wouldn't otherwise have had.”

Part of ESG policy

Cybersecurity should be top priority, according to Head of Trend Investing Henk Grootveld and Trend Investing Equity team analyst Vera Krückel. That explains not only why they hired a cyber expert, but also why cybersecurity will be a permanent fixture of the 'governance' aspects of Robeco's ESG policy from now on.

And this entails more than just going through the cybersecurity section of the ESG questionnaires of the likes of KPMG or PWC. “You have to verify whether steps are actually being taken,” explain the fund managers. “We don't just look at companies' potential weak points, but also their cybersecurity strategy and governance.”  

A broad approach is necessary, says the team, because cybersecurity is not only important for obvious companies like fintechs, online retailers and IT firms. “Cybersecurity doesn't always play a direct role at companies − it can impact them in so many other ways,” says Krückel

Opportunities

She doesn't think it's all doom and gloom, however, and points out the myriad investment opportunities in cybersecurity. Each year, companies spend an average of nearly USD 12 million on cybersecurity. That's money that parties specializing in online security are all too pleased to rake in.

Krückel does, however, note that it's not easy to choose from the many companies that are in some way ‘active’ in cybersecurity. All the various sub-disciplines in the industry make it somewhat confusing. Where one company focuses on cellphone protection, another specializes in data protection and yet another on infrastructure security.

Not to mention the countless businesses that want to piggyback on the trend, and have innovative ideas − or at least think they do. According to Krückel, there are around 1,500 start-ups which could turn into successful companies, or could fail miserably.

Life cycle

That's why Robeco uses a life cycle to classify the different cybersecurity companies. A company begins the cycle in the introduction stage, after which it can move from ‘growth’ to ‘maturity’ and, finally, ‘decline’. Robeco allocates the core positions in the portfolio to cash cows such as Trend Micro and Symantec. But innovative players, such as Cyberark and Splunk, also have their place.

This text is a shortened version of an article that was first published in Fondsnieuws magazine, a Dutch publication for professional investors.

Subjects related to this article are:
Logo

Disclaimer

BY CLICKING ON “I AGREE”, I DECLARE I AM A WHOLESALE CLIENT AS DEFINED IN THE CORPORATIONS ACT 2001.

What is a Wholesale Client?
A person or entity is a “wholesale client” if they satisfy the requirements of section 761G of the Corporations Act.
This commonly includes a person or entity:

  • who holds an Australian Financial Services License
  • who has or controls at least $10 million (and may include funds held by an associate or under a trust that the person manages)
  • that is a body regulated by APRA other than a trustee of:
    (i) a superannuation fund;
    (ii) an approved deposit fund;
    (iii) a pooled superannuation trust; or
    (iv) a public sector superannuation scheme.
    within the meaning of the Superannuation Industry (Supervision) Act 1993
  • that is a body registered under the Financial Corporations Act 1974.
  • that is a trustee of:
    (i) a superannuation fund; or
    (ii) an approved deposit fund; or
    (iii) a pooled superannuation trust; or
    (iv) a public sector superannuation scheme
    within the meaning of the Superannuation Industry (Supervision) Act 1993 and the fund, trust or scheme has net assets of at least $10 million.
  • that is a listed entity or a related body corporate of a listed entity
  • that is an exempt public authority
  • that is a body corporate, or an unincorporated body, that:
    (i) carries on a business of investment in financial products, interests in land or other investments; and
    (ii) for those purposes, invests funds received (directly or indirectly) following an offer or invitation to the public, within the meaning of section 82 of the Corporations Act 2001, the terms of which provided for the funds subscribed to be invested for those purposes.
  • that is a foreign entity which, if established or incorporated in Australia, would be covered by one of the preceding paragraphs.
I Disagree