Below is an excerpt from ISS ESG’s recently released paper “Systemic Risks In The Technology Supply Chain – An S&P 500 Case Study.” The full paper is available for download from the Institutional Shareholder Services (ISS) online library.
- There is a hidden systemic risk that lurks among the most diversified of investment portfolios. This risk accumulation arises from the remarkable concentration in the technology supply chain all companies share. This is a natural outcome for any technology or vendor that achieves significant market dominance.
One of the most obvious aggregations seen in the data is the heavy overall reliance on open-source software systems. The use of open-source software is deeply rooted across the entire S&P 500.
Figure 3: Top 20 most commonly used technologies and services
Source: ISS ESG Cyber data
- This risk aggregation presents both a threat and an opportunity. It is important for portfolio managers to understand the extent of this accumulation in their own portfolios. Once understood, the level of diversification within a portfolio’s technology supply chain could be included in risk management strategies.
- Portfolio risk aggregation is also a risk for the typical large corporation, given that such corporations tend to use thousands of vendors, among whom the same technology dependence and concentration is widespread. For its part, the corporation can make its risk mitigation much more effective if it can direct investment toward securing shared core supply chain components.
By Manish Karir, Managing Director, ISS ESG Cyber. Mingyan Liu, Cyber Risk Score, ISS ESG.