Cyber & AI: Royal London Asset Management, Addressing cyber risks

We continue to work with Royal London Asset Management through their collaborative engagement on cyber security addressing systemic cybersecurity risks. The initiative has enabled the development of a consistent and joint set of investor expectations, that is being used to evaluate cybersecurity processes across holdings exposed to high risk.

We engaged with an American health insurance provider following a cyber event to understand their response to the incident, remedial actions and future resilience measures to protect them from associated financial loss. The engagement provided valuable insights into their cybersecurity governance, including quarterly reports from the Chief Information Security Officer (CISO) on vulnerability management and new threat intelligence.

In 2024, we spoke with the CISO and Deputy Privacy Officer, who highlighted the increasing frequency of cyber events, including a significant incident involving a third-party provider. This led to the enforcement of multi-factor authentication (MFA) across all systems. It was reassuring to hear that the company has enhanced its strategy, focusing on threat hunting and intrusion detection, and collaborated with a leading cybersecurity firm for security measures.

Through this dialogue, we gained a deeper understanding of the company’s cybersecurity approach and management of potential financial impacts, and welcomed improvements made to strengthen the company’s defences.

At time of publishing, May 2025, RBC Asset Management is one of our partners on our Global Sustainable Equity portfolio