WRS News Online

Protecting Investment Data

SWIB Works to Fend Off Cyber Attacks
The Home Depot, JPMorgan Chase, and Target are just a few companies that have been hit by cyber attacks in the past year. By infiltrating some of the largest companies in the world, cyber attackers have been able to access highly-confidential information such as passwords, Social Security numbers and individual account information.

Dealing with the fallout from a successful cyber attack can cost a company millions of dollars and individuals years of worry that their personal information may still be in the hands of criminals. Improved technology in the hands of cyber criminals and the increase of business conducted online have forced many companies and organizations, like the State of Wisconsin Investment Board, to work hard to fend off possible attacks.

“We use industry-leading tactics to secure our networks and data, engage external security experts to test our defenses and regularly review our activities to ensure that we do not have any risks that haven’t been dealt with,” Erich Huemoeller, SWIB’s information technology director, said.

The business of managing more than $104 billion in assets creates sensitive data that is shared not only internally between SWIB staff, but also externally with portfolio managers and other financial institutions. In addition, SWIB has personal data for its employees that must be protected. Huemoeller said building a strong line of defense against would be cyber attackers has always been a top concern for SWIB. He added that SWIB’s information technology team not only needs to be on the lookout for possible cyber attacks today, but must also be flexible to adapt to changing technologies that could be used in future attacks.

“We regularly monitor industry and internet security bodies for threats and, if necessary, adjust our practices, security tools or other methods to meet emerging threats,” Huemoeller said.

SWIB also keeps close watch on how the companies it invests in are dealing with cyber security. SWIB’s corporate governance team actively tracks potential regulations on cyber security to evaluate a firms’ security breach risk mitigation procedures – both current and future.

SWIB Corporate Governance Director TerriJo Saarela says SWIB is proactive in ensuring its investments are protected by working directly with companies. “SWIB’s corporate governance team engages companies regarding their approach to managing oversight of cyber security,” Saarela said. “We have also partnered with other funds to address cyber security concerns with companies that have breached rules put in place by the Securities and Exchange Commission and the federal government.”

Because it anticipates an increased number of shareholder cyber security proposals in the coming years, SWIB’s corporate governance team has developed a new proxy voting guideline that ensures WRS investments are protected. The guideline says SWIB may support cyber security proposals that request greater disclosure of a company’s policies, potential risks and oversight.
“It is important to fully understand how these companies are dealing with the possible threats,” Saarela said.