The New York Stock Exchange held its first Cyber Investing Summit on May 3. The event featured a range of speakers and panels on investing in cyber security.  Key speaker Richard ‘Dick’ Grasso, former NYSE chair and CEO, spoke about cyber security in his role as advisor to cyber security firm root9B.  The firm is owned by Joe Grano, former PaineWebber CEO and Chairman of the Homeland Security Advisory Council. Mr. Grasso sits with a number of ex-government people on the advisory board of root9B.

Mr. Grasso spoke about the growing cyber security threat, particularly to financial institutions, utilities and aircraft control, as a war on capitalism. The response by companies, he said, should be to draw upon the US Government’s expertise, including recruiting its people, and to prepare for war. The way forward, in his view, is to combine people and technology to develop solutions that respond effectively to this threat.

Mr. Grasso made a bold prediction on cyber security and corporate governance, stating that over the next two to three years, companies will introduce independent cyber security board committees. This statement was applauded by the crowd but, separately, some cyber security vendors and advisors believe that cyber security is a standard business risk and will remain part of existing risk committees. How businesses will ultimately integrate cyber risk into their operations is seemingly still under consideration.

Mr. Grasso ended by reiterating the need to recruit people or hire companies that have government experience in dealing with cyber security.

Other takeaways from the conference include:

  • The cyber security industry is currently in flux, with major companies such as RSA and Symantec seemingly unable to pivot quickly enough to meet emerging threats, while embryonic companies lack the track record required by major customers.
  • While technology has advanced significantly, regulation and consumer behavior have been slow to respond. The largest issue for consumers is a broad lack of awareness of the threats and what can be done to mitigate them. Regulation is slow as there is a lack of clarity about who is responsible for cyber security threats, particularly if the threats can be linked to foreign governments.
  • The industry is still at the level of educating customers on cyber security and developing more easily understandable language so that CEOs and CTOs can be kept informed. However, the number of cyber attacks is growing and it is generally considered a question of ‘when, not if’ a cyber security issue will arise for a company.

The conference will now occur each year and will focus on where investments can be made in the industry.

Sebastian Vanderzeil is a Research Analyst with Cornerstone Capital Group. He holds an MBA from New York University’s Stern School of Business. Previously, Sebastian was an economic consultant with global technical services group AECOM, where he advised on the development and finance of major infrastructure across Asia and Australia. Sebastian also worked with the Queensland State Government on water and climate issues prior to establishing Australia’s first government-owned carbon broker, Ecofund Queensland.