ISS ESG launches new cyber risk index

Yasmine Raso

Senior Journalist, Financial Newswire

30 March 2023

The sustainable investment business of Institutional Shareholder Services (ISS), ISS Environmental, Social and Governance (ESG), has unveiled the ISS ESG US Cyber Risk Index which tracks companies with low cyber-related risks.

The companies tracked by the index is based on the ISS ESG Cyber Risk Score, which identifies the possibility of a company suffering a cybersecurity incident within the next 12 months and aims to shift the approach to proactively managing cyber risks.

The score model uses machine learning from a combination of the company’s cyber security risk behaviours, organisational security standards and historical data to pull out patterns that point to potential cyber threats.

Companies from the US large and mid-cap stock space are likely to feature on the index, but only issuers with a rating of low to negligible risk or an ISS ESG Cyber Risk Score between 650 and 850 are eligible.

Standardised ISS ESG screens are also applied to the index to constituents with ‘Red’ Norm Based Research flags, ‘Red’ Controversial Weapons flags and those with an overall ISS ESG Corporate Rating of D+ or lower.

“The cost of corporate cyber breaches can run in the hundreds of millions of dollars per incident. For investors, the launch of ISS ESG’s US Cyber Risk Index provides an investable tool to screen for companies with low or negligible expected relative exposure to cyber breaches within the next 12 months,” Hernando Cortina, Head of Index Strategy at ISS ESG, said.

“The new Cyber Risk Index is the latest example of ISS ESG’s innovative and differentiated index offerings, drawing on our evolving range of sustainability ratings and research, and high-quality data.”