June 08, 2023 Blogs 13 min read

Cyber risk insight as Alternative Data: A new frontier for investment managers


Cyber risk data as alternative data

Over the past couple of years, there has been a lot of buzz in the investment management world around the use of Alternative Data, a term which refers to any data source outside of traditional financial statements or company filings. Amidst this discussion and with the rapid rise of cyber attacks in recent years causing devastation to businesses financially and reputationally, it’s crucial not to overlook the significance of cyber risk in the Alternative Data conversation.

In our latest blog, we explain exactly why actionable cyber risk insights must become ‘go-to’ data for investment managers looking to stay ahead of the curve and drive better-informed decisions throughout an investment lifecycle in today’s rapidly-changing digital world.

In the age of digitalisation, the rate at which data is generated on a daily basis is staggering. Every click, swipe, transaction or any other type of data input produces an immense amount of information: information which provides incredibly valuable insights into consumer behaviour and market trends. This sheer volume of data can be overwhelming for investment managers trying to identify trends in the market, leading to the ability to extract meaningful insights becoming increasingly difficult. Despite these challenges, investment managers who are able to harness the power of data analytics are now discovering new ways to gain a competitive edge in the market, one of these being: Alternative Data.

The Buzz Around Alternative Data

So what exactly is Alternative Data? You might have heard of it in meetings, conferences or you may have caught wind of it in small talk between colleagues. Is it just another buzzword that will eventually fade away like Market Timing or Value Investing? Well, not exactly. In a nutshell, it’s a term which has increasingly become more prevalent in the investment management world in recent years and essentially refers to any data source outside of traditional financial statements or company filings.

This present-day data source can provide extensive insights into a company’s market trends or performance, unlocking new investment opportunities in order to generate higher returns. Unlike traditional data sources, Alternative Data is usually less structured, making it difficult for investment managers to analyse using conventional methods. Alternative data takes advantage of the power of technology and machine learning in order to extract previously inextricable insights from Alternative Data sources.

A few examples of Alternative Data sources include social media, in which platforms such as Facebook, Twitter and LinkedIn can give investment managers unique insights into consumer sentiment, market trends, and an overall image of brand reputation in order to see how well they’re performing. Another example of Alternative Data is satellite imagery. Yes, you heard that right. If you want to make your portfolio out of this world, then take note because analysing satellite data and images have become increasingly popular in recent years. This offbeat method gives investment managers a bird’s eye view of valuable insights into the health and activity of certain businesses such as agriculture, urban planning, the number of ships in a port, or even the number of cars in a retailer’s car park – giving you deep insights into the true performance of a client’s business in various industries and geographies. A final noteworthy example of Alternative Data that’s currently on the rise is credit and debit card payments. This gives the opportunity to recognise consumers’ spending patterns, shopping preferences, and gives you a broader view of economic trends and see exactly what people are spending their money on.

These are just a few examples, but there are many other types of Alternative Data which can give the right insights to help investment managers take advantage of the rapid evolution of technology to drive better-informed investment decisions. With all that said, there is one crucial aspect that often gets overlooked in the discussion of Alternative Data in today’s new-look digital environment, and that is Cyber Risk.

Why Cyber risk shouldn’t be ignored as an Alternative Data source

While the concept of cyber risks isn’t novel, the severity and frequency of digital threats have grown dramatically over the last decade, particularly in light of the rising reliance on technology and the increased remote business operations. Unfortunately, this means that in today’s interconnected era, all investments face the risk of cyber attacks, regardless of their industry, size or geographical location. These relentless attacks can wreak havoc on organisations and may result in substantial financial losses causing setbacks that can jeopardise a business' operations, cause irreparable reputational damage, and even impede growth leading to bankruptcy. Among some of the many threats businesses must grapple with, there are some particularly noteworthy examples:

  • Supply Chain Attacks - These are attacks that target the systems and software used by a company's suppliers or partners in order to gain access to the company's own systems and data.

  • Malware - This refers to any type of software that is designed to harm a computer or network, such as viruses, trojans, and ransomware.

  • Phishing - A type of cyber attack that involves tricking individuals via email into sharing sensitive information, such as login credentials or credit card numbers.

  • Ransomware - A type of malware that encrypts a victim's files or data and then demands payment in exchange for the decryption key or deletion of the files - usually in the form of cryptocurrency.

These are just a few examples of prevalent attack methods in recent years that are bringing businesses to their knees. It’s also important to remember that as technology evolves, so will the sophistication of digital threats. As a result of this, in recent years investment managers have started to consider the devastating impact of cyber risks on their investments. With the average cost of a data breach being £4.56 million, investment firms are desperately looking for an antidote.

Being aware of cyber risk is one thing. But actually seeing, understanding and managing your investment’s cyber exposure is completely different. Currently, cyber risk data remains largely underutilised in the investment management industry due to its complex and opaque nature, hindering its effective use. In the past decade alone technology has evolved faster than any of us could have predicted, and a slew of innovative strategies have emerged reshaping the investment landscape in unforeseen ways. In a world where businesses are relying heavily on technology and interconnection, investment managers can no longer ignore the ongoing concern of cyber attacks and the devastating impact they can have on their portfolios. This is why it’s crucial that cyber risk remains a top priority and the significant amount of cyber risk data available must be used to its full potential in order to protect investments.

The importance of cyber risk insight

There are various benefits to leveraging cyber risk insights in investment management processes. A valuable tool for predicting investment performance can give you an unparalleled view into the potential vulnerabilities in a company’s cybersecurity infrastructure. By gaining insights into a company’s posture, investors are able to get a better understanding of the potential risks associated with their investments which helps them to identify potential red flags and take steps to mitigate these risks before they become a problem. By having access to this crucial information, cyber risk intelligence can be utilised as a source of Alternative Data for investment managers. Once investment managers incorporate a businesses’ cyber risk insight into their investment models as one would with ESG (Environmental, Social and Governance), investors can gain invaluable insight into potential risks which otherwise would not be able to be captured by traditional financial data. By looking at cyber risks over time, investment managers can also gain a deeper understanding of how a company manages their risk posture, providing an extensive view into the company's long-term viability and potential for growth. This is particularly relevant as ESG considerations are now being considered more and more within the industry.

Cyber risks and ESG Considerations

There has been a growing trend towards ESG considerations within investment management in recent years. Investment managers who want to ensure their portfolio companies align with their values are quickly realising the positive impact on their investments when incorporating cyber risks into ESG. In fact, we talked about how cyber is already considered to be a part of ESG in our blog here. More recently, in April 2023 The Tel Aviv Stock Exchange (TASE) sent out ESG questionnaires to businesses in order to highlight the importance, increase awareness and promote ESG among investors and public companies. Businesses were then asked to publish their results online enabling investors to receive more information about the businesses’ performance in relation to corporate social responsibility.

ESG considerations have a significant impact on a company’s sustainability and long-term growth, and with the rise in technology and digitalisation, investors are increasingly focusing on ESG factors when evaluating companies. They are using these factors to assess their investment decisions and one area which is becoming increasingly important in ESG, is cyber. Among many serious repercussions of cyber incidents, a single successful cyber attack on a business can result in a huge loss of sensitive business and customer data leading to financial losses either from heavy fines or ransomware payment - both of which are usually in the millions. This is precisely the reason investment managers should be looking into cyber risk data as a way to mitigate potential cyber threats and ensure sustainable growth. Investors who use data-driven risk intelligence to access a company’s digital risk posture are able to identify potential vulnerabilities which may crush a business before they have time to strike. This allows them to make better informed investment decisions and ensure that companies are taking the right measures to protect their systems and data.

As we mentioned earlier, there’s a growing importance of cyber risks in ESG due to increased regulatory scrutiny. GDPR, one of the toughest privacy and security laws in the world, makes it a businesses’ responsibility to protect all of its customer and employee data, and together with any legal damages, a business which fails to protect its sensitive data can result in some heavy fines. £17.5 million to be exact (or 4% of total annual global turnover - whichever is higher). Throughout the years, companies have opted to pay the hackers ransom, however this doesn’t only increase the chances of the same hackers returning and asking for more, but the FCA (Financial Conduct Authority) in the UK now requires firms to have adequate protection for its business, stating:

“A firm must take reasonable care to organise and control its affairs responsibly and effectively, with adequate risk management systems.[Principle 3] ” and “A firm must deal with its regulators in an open and cooperative way, and must disclose to the FCA appropriately anything relating to the firm of which that regulator would reasonably expect notice.[Principle 11]

The FCA explains that businesses must now report cyber attacks that result in the loss of data or controls and impact a large number of victims. Failure to disclose this could lead to… you’ve guessed it… more fines. That’s exactly what happened to Uber and they were fined a whopping $147 million. As demonstrated, these regulations not only have significant financial implications for companies, but the reputation of a company is also at stake as even the most loyal customers change their overall opinion on the business and flock to safer alternatives. A survey by Ping reported that 81% of consumers would stop engaging with a brand online after a data breach, which is why it is essential for companies and their investors to take cybersecurity as seriously as they do ESG and implement robust measures to protect against cyber attacks. Implementing cyber risk management technology such as KYND in order to see, understand and mitigate these vulnerabilities is not only essential, but it is the most efficient way to stop these vulnerabilities before hackers have a chance to exploit them, and to keep your portfolio safe.

How KYND Helps Investment Managers

One of the main benefits of KYND’s services is the abundance of readily available and transparent cyber risk data at your fingertips. This allows investment managers to make informed decisions about the risks associated with their potential and existing investments. KYND provides up-to-date information on the cyber posture of a company enabling investment managers to understand the risks associated with their portfolio companies, allowing them to make evidence -based decisions based on the information they receive.

One of these services is KYND SIGNALS, which gives investment managers an evidence based view of the cyber risks facing their portfolio and how each invested company manages their risk profile over time. This advanced technology uses easy to see and understand visualisations (Red, Amber, Green) of a company’s risk posture, which gives investment managers the power to quickly identify areas of concern for their portfolio companies. If a business is in the red, they can be issued KYND SIGNALS Client Reports - a remediation report which allows portfolio companies to understand and mitigate these risks without the need for them to sift through complex cyber data.

KYND’s innovative technology harnesses the power of its advanced technology in order to bring a range of services and tools, and to give investment managers peace of mind that their portfolio is in safe hands. This technology proves continuous risk monitoring and alert services, which ensure that investment managers are always ahead of the ever-growing threat of cyber threats and any changes in a company’s risk profile in real time. Not only does this give investment managers the power to make better informed decisions, but it allows them to provide added value to their clients in order for them to identify and mitigate potential risks quickly and efficiently. By providing a clear and actionable overview of vulnerabilities and personalised reports for remediation, KYND SIGNALS is a must-have for investment managers wanting to ensure the life cycle of their investments’ cyber resilience and also allows them to focus on maintaining healthy portfolios.


Alternative data is already revolutionising the investment management industry and more investment managers are quickly taking advantage of this knowledge to protect their investments and increase the overall value of their portfolios. Alternative data such as cyber risk intelligence is becoming an increasingly valuable tool for investment firms to always be on top of their portfolios’ vulnerabilities. It’s also crucial to keep in mind that cyber attacks are becoming more sophisticated and prevalent by the day and in order to stay on top of these risks, investment managers must be aware of the potential impact on their portfolios. Having access to this information gives investment managers the power to identify red flags and quickly mitigate these risks and incorporate the data into their risk decisioning models before they become problematic. This is why it’s crucial that cyber risk remains a top priority and financial firms include actionable cyber risk data into their investment processes to drive better informed decisions and protect their investments against digital perils at the same time.

As ESG factors are already widely used as a tool for measuring sustainability and societal impact of investments, integrating cyber risk data with ESG considerations will also provide a more comprehensive approach to investment management, presenting them with a holistic view of potential risks and opportunities associated with their investments.

Share this article
Join the newsletter

Accreditation & Features