We permit the publication of our auditors’ report, provided the report is published in full only and is accompanied by the full financial statements to which our auditors’ report relates, and is only published on an access-controlled page on your website, to enable users to verify that an auditors’ report by independent accountants has been commissioned by the directors and issued. Such permission to publish is given by us without accepting or assuming any responsibility or liability to any third party users save where we have agreed terms with them in writing.

Our consent is given on condition that before any third party accesses our auditors’ report via the webpage they first document their agreement to the following terms of access to our report via a click-through webpage with an 'I accept' button. The terms to be included on your website are as follows:

I accept and agree for and on behalf of myself and the Trust I represent (each a "recipient") that:

  1. PricewaterhouseCoopers LLP (“PwC”) accepts no liability (including liability for negligence) to each recipient in relation to PwC’s report. The report is provided to each recipient for information purposes only. If a recipient relies on PwC’s report, it does so entirely at its own risk;
  2. No recipient will bring a claim against PwC which relates to the access to the report by a recipient;
  3. Neither PwC’s report, nor information obtained from it, may be made available to anyone else without PwC’s prior written consent, except where required by law or regulation; and
  4. PwC’s report was prepared with Hermes Property Unit Trust's interests in mind. It was not prepared with any recipient's interests in mind or for its use. PwC’s report is not a substitute for any enquiries that a recipient should make. The financial statements are as at 25 March 2017, and thus PwC’s auditors’ report is based on historical information. Any projection of such information or PwC’s opinion thereon to future periods is subject to the risk that changes may occur after the reports are issued and the description of controls may no longer accurately portray the system of internal control. For these reasons, such projection of information to future periods would be inappropriate.
  5. PwC will be entitled to the benefit of and to enforce these terms.
I accept

1. Select your country

  • United Kingdom
  • Austria
  • Australia
  • Belgium
  • Denmark
  • Finland
  • France
  • Germany
  • Iceland
  • Ireland
  • Italy
  • Luxembourg
  • Netherlands
  • Norway
  • Singapore
  • Spain
  • Sweden
  • Switzerland
  • USA
  • Other

2. Select your investor type

  • Financial Advisor
  • Discretionary Investment Manager
  • Wealth Manager
  • Family Office
  • Institutional Investor
  • Investment Consultant
  • Charity, Foundation & Endowment Investor
  • Retail Investor
  • Press
  • None of the above

3. Accept our terms and conditions

By clicking Proceed I confirm I have read the important information and agree to the terms of use.


The Hermes Investment Management website uses cookies to remember your preferences and help us improve the site.
By proceeding, you agree to cookies being placed on your computer.
Read our privacy and cookie policy.

How cyber-attacks will change the face of company boards

Home / Press Centre / How cyber-attacks will change the face of company boards

Leon Kamhi, Head of Responsibility at Hermes investment Management
08 November 2018

Leon Kamhi, Head of Responsibility, Hermes Investment Management: In recent months, some of the UK’s largest companies have suffered major data breaches or significant technical issues which have resulted in disruption for stakeholders, including customers, staff and investors.

When these events occur, consumers are the first to be hit by having their data compromised or losing essential service, which can be extraordinarily frustrating. However, for investors these events also provide an important lens through which to look at the companies in their portfolio.

On the most basic level, if consumers think a company cannot be trusted to keep their personal data safe - causing anything from embarrassment to financial harm - it is a real and substantial revenue risk. Furthermore, investors need to consider cyber security as a broader theme and a more significant issue – as it could end up changing the faces of the boards running the companies we own and provide the push for diversity we have been seeking.

Hacking the hack
Cyber attacks do not just target consumer information, nor do they go for the largest firms in the index. In industries in which intellectual property provides the competitive edge, stopping an individual or organisation from accessing data, systems and infrastructure is key, and SMEs are increasingly in the line of sight.

For example, a pharmaceutical firm needs to protect its research and development information as fiercely as an airline does its customer credit card details. Most companies today do not just sell groceries, build houses or even trade derivatives, they also run a substantial IT operation, and it is increasingly important that the board reflects this new way of doing business.

Investors need a company board to be on top of the specific elements that can impact it as a business. Hackers can bring an entire system to a halt if they are able to stop certain processes.

A board should not just be aware of the company’s cyber strategy, but should also be monitoring how it is working, frequently testing it, spotting any weak points and challenging executives on where it needs to change. Moreover, boards should also be evaluating how well a company responds when there is a breach.

Because of the technological advancements and disruptions that have taken place over the past decade, companies need executives who are responsible for the day-to-day cyber security at the highest level and who actively work with key business heads.

Who is on board?
When considering how to expand or improve their business strategy, many companies look at who currently is on the board and how to leverage their skills.

However, as technology has evolved at such a pace, and continues to do so, we are encouraging boards to modify the way they think about board structure and focus on who and what skillset should be on the board. Today, that means having an individual that has substantial IT expertise, fluency and capability to not only enable the business to develop and implement a robust IT infrastructure, but also for the purpose of cyber security.

This does not mean simply bringing in one independent director with generic IT skills, but an individual who has a deep understanding of the technological landscape and potential threats to their business and infrastructure. Ideally, a board should have more than one person who understands the technological landscape, inclusive of the risks, to ensure they are able to have a robust ongoing dialogue.

Putting this into practice may be hard for companies that have traditionally appointed former senior executives, either from their own or related sectors, which often results in group think and a lack of diversity amongst the board. The “grey hair” approach to accessing experience is one that is going to be tough to break down.

A well-managed board can significantly benefit from the range of perspectives brought by directors who have diverse technical, professional and country experience as well as diversity in gender, ethnicity, demographic and age. For example, as regards age, most UK board members are between 55 and 65, which demonstrates a serious lack of diversity of age.

As companies’ clientele and ways in which they bring their products or services to market evolve, a variety of skills will be required on the board. An individual with expertise and fluency in the ever changing technological landscape, could provide a significant value add. Moreover, very few companies are going to be able to appoint an experienced tech CEO as a director.

Investors can never know for certain if a company is going to be completely safeguarded against a cyber-attack or technical failure – but in this day it is worth seeking out those taking cybersecurity seriously.

This is non-cyclical. We are not backing out of this new technical age. Company boards that will be the most successful in the future are already amending their boards to reflect it.


Share this post:
Leon Kamhi Head of Responsibility at Hermes investment Management Reporting into Hermes Investment Management’s CEO, Leon Kamhi is responsible for developing and directing the programme for integrating responsibility across the Hermes group, overseeing its delivery and accountable for its success. This includes ensuring investment teams are aware of and integrate ESG performance in investment decisions and that engagement is effectively incorporated alongside investment activities. In addition, in this role he oversees and contributes to how the firm’s responsibility activities and performance are integrated into Hermes’ client relationship management and reporting, the delivery of its corporate citizenship programme and the development of responsible structures and processes for the firm. He also leads a number of corporate and public policy engagements. Previously at Hermes, Leon was responsible for the development and delivery of Hermes EOS’ global corporate and public policy engagement programme from 2012-2016 and acted as its commercial director from 2009-2012. Prior to that, Leon worked within the Hermes UK Large Cap Focus Fund for seven years, where he was responsible for executing the fund’s engagement programmes. He also has 12 years of strategy consulting and operational industry experience.
Read all articles by Leon Kamhi

Find posts by author

  • Alex Knox, ACA
  • Amy Wilson
  • Andrew Jackson
  • Andrew Parry
  • Claire Gavini
  • Dr Michael Viehs
  • Emeric Chenebaux
  • Eoin Murray
  • Geoffrey Wan, CFA
  • Harriet Steel
  • Ilana Elbim
  • Ingrid Holmes
  • Jonathan Pines, CFA
  • Joseph Buckley
  • Kimberley Lewis
  • Louise Dudley
  • Mark Sherlock, CFA
  • Martin Todd
  • Maxime Le Floch, CFA
  • Michael Russell, CFA
  • Michael Vaughan
  • Neil Williams
  • Nick Spooner
  • Nina Röhrbein
  • Peter Hofbauer
  • Philip Nell
  • Saker Nusseibeh
  • Silvia Dall’Angelo
  • Tatiana Bosteels
  • Tim Crockford
  • Tommaso Mancuso
  • Yasmin Chowdhury

Find posts by category

  • governance

Press contacts