The high stakes of cybersecurity

As digitalisation continues, artificial intelligence (AI) accelerates, and geopolitical tensions persist, the frequency, sophistication and financial consequences of cyber attacks continue to rise. Companies across sectors – not only those traditionally viewed as high-risk – are now exposed. For long-term investors, the relevant question is not whether cyber risk exists, but whether companies are prepared to manage it.

In 2025, we applied our proprietary cybersecurity assessment framework to certain portfolio companies that we consider relatively exposed to cyber risk, with the objective of assessing this potentially financially material risk at a corporate level.

The threat landscape
Cybercrime is projected to cost $10.5 trillion in 2025, outpacing cybersecurity investment by nearly 50x.¹ Credit bureau Equifax provides an effective illustration of the increasing frequency of attacks: in 2024 it responded to more than 15 million cyber threats - that’s nearly 175 hostile attempts every second and a 25% increase from 2023.² High-profile incidents continue to illustrate the scale of potential damage. In the UK, ransomware attacks in 2025 disrupted operations at major corporates, contributing to hundreds of millions in lost profit and remediation costs.

At the same time, many executives acknowledge that preparedness gaps remain. A survey of Chief Information Security Officers³ indicate that a majority expect a material attack within the next 12 months, yet a significant proportion feel underprepared to respond.

Widespread digitalisation means that every company is now a data company. As a result, the size of companies’ attack surfaces – the number of possible points where an unauthorised user can access a system and extract data – has increased. Additional factors that may also expand a company’s attack surfaces include:

• Extensive automation and the Internet of Things (IoT)⁴
• Greater reliance on cloud and hybrid infrastructure
• Increased dependence on third-party vendors
• More complex global supply chains
• Larger and more distributed workforces
• Ongoing M&A⁵ activity

Human error remains a leading cause of successful breaches, but supply chain vulnerabilities are becoming equally significant. For acquisitive companies in particular, inadequate integration of cybersecurity due diligence can introduce hidden risks.

Game-changing new technologies
AI is reshaping cybersecurity. On one hand, generative AI (GenAI) lowers the barrier to entry for attackers. Phishing campaigns are more convincing, vulnerability scanning can be automated at scale, and malicious activity can be deployed with greater speed and sophistication. On the other hand, AI-enabled defences can significantly reduce the time required to detect and respond to threats. Research suggests that organisations using AI within their cybersecurity defences experience lower average breach costs and faster containment.⁶ However in our view, companies must also consider the additional security requirements of AI tools, as research identified AI-related vulnerabilities as the fastest-growing cyber risk in 2025.⁷

Quantum computing presents a longer dated but potentially transformative threat. The prospect of “harvest now, decrypt later” attacks – in which encrypted data is stolen today to be decrypted in future – introduces risk to sensitive data with long shelf lives, including financial records, intellectual property and health information. However, defences are already in development. In 2024 the U.S. National Institute of Standards and Technology (NIST) released its first Post-Quantum Cryptography (PQC) standards and U.S. cyber agencies are already urging organisations to start quantum readiness work. Given that cryptographic transitions historically take many years, we believe early preparation for post-quantum cryptography is prudent, particularly for companies holding long-duration sensitive data.

Read more

Risk Considerations
There is no assurance that a portfolio will achieve its investment objective. Portfolios are subject to market risk, which is the possibility that the market value of securities owned by the portfolio will decline. Market values can change daily due to economic and other events (e.g. natural disasters, health crises, terrorism, conflicts and social unrest) that affect markets, countries, companies or governments. It is difficult to predict the timing, duration, and potential adverse effects (e.g. portfolio liquidity) of events. Accordingly, you can lose money investing in this strategy. Please be aware that this strategy may be subject to certain additional risks. Changes in the worldwide economy, consumer spending, competition, demographics and consumer preferences, government regulation and economic conditions may adversely affect global franchise companies and may negatively impact the strategy to a greater extent than if the strategy’s assets were invested in a wider variety of companies. In general, equity securities’ values also fluctuate in response to activities specific to a company. Investments in foreign markets entail special risks such as currency, political, economic, and market risks. Stocks of small- and mid-capitalisation companies carry special risks, such as limited product lines, markets and financial resources, and greater market volatility than securities of larger, more established companies. The risks of investing in emerging market countries are greater than risks associated with investments in foreign developed markets. Derivative instruments may disproportionately increase losses and have a significant impact on performance. They also may be subject to counterparty, liquidity, valuation, correlation and market risks. Illiquid securities may be more difficult to sell and value than publicly traded securities (liquidity risk). Non-diversified portfolios often invest in a more limited number of issuers. As such, changes in the financial condition or market value of a single issuer may cause greater volatility. ESG strategies that incorporate impact investing and/or Environmental, Social and Governance (ESG) factors could result in relative investment performance deviating from other strategies or broad market benchmarks, depending on whether such sectors or investments are in or out of favor in the market. As a result, there is no assurance ESG strategies could result in more favorable investment performance.