Responsible Technology

How we've worked with the companies we invest in to help ensure they are prepared to face any risks they may be exposed to as they integrate digital technologies into their operations.

Case study

‘Responsible Technology’ has been a key thematic engagement priority for Railpen for the last few years. 

This is because Railpen invests your pension in many companies from the technology sector. It’s also important for Railpen to ensure the companies it invests in – even those that aren’t technology companies –  are prepared to face any new risks they may be exposed to as they integrate digital technologies into their operations.

 

Case studies
A play button in blue

Video: What we mean by Responsible Technology

One of our ESG priority themes, explained.

What was the issue?

Railpen is part of a Cybersecurity Coalition, alongside other large investors such as Nest and Royal London Asset Management. The purpose of the Coalition is to encourage better cybersecurity practices and disclosures from the companies that are at a higher risk of being affected by attacks on their systems.

As part of the Cybersecurity Coalition, Railpen decided to engage with a pharmaceutical company that faced high risk due to its growing digital footprint.

What did we need to do?

We aimed to gain a greater understanding of the company’s approach and encourage improvements to its cybersecurity reporting.  

What approach did we take?

The company was initially unresponsive, so we demonstrated our concerns by voting against the member of their Board we deemed to be responsible for risk oversight – the Chair of the Audit Committee. Read our 'Voting for positive change’ blog to find out what shareholder voting is in the context of pensions and how Railpen decides on its voting positions.

We also asked a question at the company’s 2022 Annual General Meeting on the importance of cybersecurity and repeated our request for a meeting.

Following this escalation, we were able to arrange a meeting with subject matter experts at the company. During discussions, we encouraged them to strengthen their reporting in alignment with our expectations.

What was the outcome?

After the meeting, we were pleased to see that many of our recommendations had been adopted. There is now a dedicated section on cybersecurity within the company’s Environmental, Social and Governance (ESG) report. This more clearly describes the steps the company has taken to address actual and potential risks it is facing, including:

  • The Audit Committee’s role in overseeing cybersecurity
  • The presence of a Chief Information Security Officer
  • Tailored cybersecurity training across the workforce
  • Monitoring of suppliers’ approach to cybersecurity procedures.
What were the next steps?

Building upon our experience of speaking to the companies we invest in about their approach to cybersecurity risk and resilience, we worked with Royal London Asset Management to develop up-to-date guidance for other investors. Our Report seeks to answer the following questions:

  1. Why should investors care about cybersecurity?
  2. What should investors expect of portfolio companies?
  3. What can investors do?

By helping other investors understand why cybersecurity is important, and how they can work with the companies they invest in to improve cybersecurity practices, we help create a more resilient economy which is good for members of the railways pension schemes, and for members of others schemes too.

What to read next...

Case study - climate change

Find out how we've worked with companies we invest in to improve their climate measures.

Case study - governance

Find out how we've worked with companies to improve their governance and mitigate risks.

Sustainable Ownership blogs

Our blogs on Sustainable Ownership and environmental, social and governance (ESG) issues will help you learn more about the Scheme's approach to its investments.