Equities

Fintech equities: are investors neglecting cybersecurity risk?

Fintech equities: are investors neglecting cybersecurity risk?
Jeroen van Oerle - Portfolio Manager

Jeroen van Oerle

Portfolio Manager
Foort Hamelink - Head of Research

Foort Hamelink

Head of Research
Charlie Parker-Williams - Quantitative Analyst

Charlie Parker-Williams

Quantitative Analyst

Cyberattacks can disrupt corporate operations, compromise customers, damage credibility and draw regulatory fines – weakening the bottom line and therefore fundamentals. In this white paper, we ask: are equity investors accurately pricing-in the impact of hacks on stock prices? 

 

Need to know

  • We analyse a dataset of companies which experienced cyberattacks to examine the subsequent impact on their fundamentals and stock-price performance
  • Our findings show these hacks resulted in significant financial costs, which became evident in subsequent quarterly and annual company reports – but were not apparent in stock prices
  • This reaffirms our view that cyber-risk is underappreciated by the market, and our conviction in using an evidence-based approach to identify and engage on it

 

Do hacks move stock prices?

Building on insights from our July 2022 white paper, in which we detailed the impact of cyber-breaches on companies and described our approach to managing this risk, we have tested whether the impacts of hacks on fintech businesses are being accurately priced by the equity market.

Covering 81 cyberattacks on 75 fintech companies over a 17-year period, our analysis focuses on how hacks impact capital and operating expenditure (capex and opex), and selling, general and administrative (SG&A) costs.

The conclusions are clear: in the subsequent quarterly and annual periods, companies reported increased capex and opex, and higher SG&A costs. But this had no impact on their stock prices, meaning that markets are far from efficient – perhaps even neglectful – in pricing the impact of cyber-breaches.   

 

The need for evidence-based risk management

This disconnect between financial impact and stock prices presents both a risk to be managed and a potential information edge for active managers. How should they proceed?

Ask any company if it has a cybersecurity policy in place, and the answer will invariably be: “yes”. But the numbers could tell a different story about its resilience against hackers. Therefore, instead of relying on questionnaire-based reports from ESG research providers, we have developed an evidence-based approach to understanding and acting on cyber risks among portfolio companies.

We have implemented this process since mid-2022. In this short period, three clear insights have already emerged:

  1. Finding cybersecurity threats is like searching for needles in a haystack. Even so, in our view the benefits of safeguarding data outweigh the costs and there is no excuse for companies to not act on known vulnerabilities provided at no cost by the US cyber-defence authority
  2. Companies that neglect cyber risks for 30 days usually do so for up to 100 days or longer, making them increasingly vulnerable. Investors should therefore differentiate between companies with active and passive reflexes to patching vulnerabilities
  3. Engagement works. If a critical software risk at a company persists for longer than a month in our screens, we contact the firm and work with our stewardship team to encourage improvement. Most companies have been eager to co-operate with us.

Cybersecurity is one of many aspects of an investment decision, but its implications for stock fundamentals justify a robust, evidence-driven approach to identifying weaknesses among portfolio companies and engaging for greater resilience, in our view.

To read our complete research findings and understand our methodology, please download the white paper.

To learn more about our Global FinTech equity strategy, please click here.

important information.

For professional investor use only

This document is issued by Lombard Odier Asset Management (Europe) Limited, authorised and regulated by the Financial Conduct Authority (the “FCA”), and entered on the FCA register with registration number 515393.
Lombard Odier Investment Managers (“LOIM”) is a trade name.
This document is provided for information purposes only and does not constitute an offer or a recommendation to purchase or sell any security or service. It is not intended for distribution, publication, or use in any jurisdiction where such distribution, publication, or use would be unlawful. This material does not contain personalized recommendations or advice and is not intended to substitute any professional advice on investment in financial products. Before entering into any transaction, an investor should consider carefully the suitability of a transaction to his/her particular circumstances and, where necessary, obtain independent professional advice in respect of risks, as well as any legal, regulatory, credit, tax, and accounting consequences. This document is the property of LOIM and is addressed to its recipient exclusively for their personal use. It may not be reproduced (in whole or in part), transmitted, modified, or used for any other purpose without the prior written permission of LOIM. This material contains the opinions of LOIM, as at the date of issue.
Neither this document nor any copy thereof may be sent, taken into, or distributed in the United States of America, any of its territories or possessions or areas subject to its jurisdiction, or to or for the benefit of a United States Person. For this purpose, the term "United States Person" shall mean any citizen, national or resident of the United States of America, partnership organized or existing in any state, territory or possession of the United States of America, a corporation organized under the laws of the United States or of any state, territory or possession thereof, or any estate or trust that is subject to United States Federal income tax regardless of the source of its income.
Source of the figures: Unless otherwise stated, figures are prepared by LOIM.
Although certain information has been obtained from public sources believed to be reliable, without independent verification, we cannot guarantee its accuracy or the completeness of all information available from public sources.
Views and opinions expressed are for informational purposes only and do not constitute a recommendation by LOIM to buy, sell or hold any security. Views and opinions are current as of the date of this presentation and may be subject to change. They should not be construed as investment advice.
No part of this material may be (i) copied, photocopied or duplicated in any form, by any means, or (ii) distributed to any person that is not an employee, officer, director, or authorised agent of the recipient, without Lombard Odier Asset Management (Europe) Limited prior consent. In the United Kingdom, this material is a marketing material and has been approved by Lombard Odier Asset Management (Europe) Limited  which is authorized and regulated by the FCA.

© 2024 Lombard Odier IM. All rights reserved.