Please ensure Javascript is enabled for purposes of website accessibility Tackling cybersecurity through a securitised lens - Janus Henderson Investors - Italy Professional Advisor (EN)
{{banner.link_text}}
For financial professionals in Italy
Back to Insights

Tackling cybersecurity through a securitised lens

Cybersecurity attacks are more common, facilitated by AI and rising geopolitical tensions. Portfolio manager Ian Bettney and Research Analyst Sarah Asquith explore how to tackle cybersecurity risk in the securitisation markets.

Cyber security NL
Ian Bettney
Ian Bettney

Portfolio Manager

Sarah Asquith, ACA
Sarah Asquith, ACA

Research Analyst

29 Jul 2025
4 minute read

Key takeaways:

  • Cybersecurity breaches are growing in both frequency and severity, impacting organisations across all sectors, including those who fund in securitisation markets. This has been further exacerbated by rising geopolitical tensions and AI advancements.
  • The operational disruptions and financial losses from cyber attacks pose credit and governance risks, making it crucial for investors and stakeholders to prioritise cybersecurity in their risk assessments.
  • Our securitised team have developed a targeted cybersecurity assessment framework, through which we aim to enhance due diligence processes, improve investor confidence, and strengthen the resilience of our portfolios.

Rising costs and prevalence of cyber attacks

In recent years, cybersecurity attacks have become prevalent, while the costs of such breaches has increased. IBM reported that the global average cost of a data breach had increased by 10% in 2024 compared to 2023, the largest jump since the pandemic; while breaches with longer lifecycles have been observed to lead to higher costs. According to research from Cyber Rescue UK, there are a host of different impacts that affect businesses hit by data breaches.

Figure 1 & 2: Far-reaching impacts from data breaches

86% of firms suffered data breaches over the last three years. The impact of data breaches range from the most common to the least common: revenue loss; share price; loss of customers; paid fine; and downtime.
Source: Cyber Rescue UK, Blancco, June 2025. Survey of 2,000 IT and sustainability leaders.

At the time of writing, Microsoft is in the midst a major cyber security breach and has released software updates for on-premises and self-managed Sharepoint servers. Other high-profile incidents have affected the UK National Health Service (NHS), Disney and insurer, UnitedHealth. Phishing (deceiving people to reveal sensitive information) and stolen credentials appear to be the most common attack methods.

While large institutions have been making headlines, the securitised world isn’t any different. Smaller firms are particularly affected with attacks usually through third-party data feeds. Often, companies have to resort to shutting down their entire systems and going offline until there is a resolution.

Australia has been particularly targeted due to its advanced digital infrastructure and key role in global finance, trade, and critical industries, which make it an attractive target for cybercriminals. We are aware of at least two Australian non-bank lenders, both of which finance in securitisation markets, that have recently experienced material cyber attacks. The companies suffered impacts, including a temporary pause in asset originations and a spike in arrears data as collections activity was disrupted. This highlights that beyond governance risk, there is fundamental credit risk with such breaches given the operational disruption, associated costs and reputational damage. This is relevant to us as securitised investors given our direct exposure to the underlying loans.

Assess cybersecurity risk

Initially, we engaged with issuers to try to understand systems and governance, but responses were limited and often indigestible. We realised that understanding the complex and fast-changing landscape of information security infrastructure requires experts. So we enlisted our internal Information Security Team to learn about their own due diligence process and collaborated with them for over a year to devise our cybersecurity assessment framework.

Identifying engagement focus

While still in the early stages of deploying this framework, responses have been positive; with issuers showing strong interest and willingness to take part in the survey. The below shows the wide range of responses received:

Figure 3 & 4: Cybersecurity response to JHI survey by company type and jurisdiction

Source: Janus Henderson, as at 23 July 2025.

Many issuers have noted that we are the first investor to proactively engage on cybersecurity, highlighting the uniqueness and relevance of our approach. Our process involves a detailed review of survey responses and technical reports, followed by iterative engagement. We then circle back with targeted follow-up questions where vulnerabilities or governance gaps are identified. To ensure depth and accuracy, we continue to collaborate closely with our internal Information Security Team, leveraging their technical expertise to guide our focus and interpret complex findings.

In light of the escalating frequency and cost of cyberattacks, robust cybersecurity practices are no longer optional, they are essential. This applies not only to issuers but also to investors, who must understand and manage cyber risk as part of their fiduciary duty. We believe the development of this cybersecurity assessment framework represents a significant step forward. By integrating cyber risk evaluation into our governance and credit analysis, we are enhancing due diligence, setting a precedent for industry best practices, and contributing to a more resilient investment landscape.

These are the views of the author at the time of publication and may differ from the views of other individuals/teams at Janus Henderson Investors. References made to individual securities do not constitute a recommendation to buy, sell or hold any security, investment strategy or market sector, and should not be assumed to be profitable. Janus Henderson Investors, its affiliated advisor, or its employees, may have a position in the securities mentioned.

 

Past performance does not predict future returns. The value of an investment and the income from it can fall as well as rise and you may not get back the amount originally invested.

 

The information in this article does not qualify as an investment recommendation.

 

There is no guarantee that past trends will continue, or forecasts will be realised.

 

Marketing Communication.

 

Glossary

 

 

 

Related themes

Credit Diversification Securitized Volatility
Ian Bettney
Ian Bettney

Portfolio Manager

Sarah Asquith, ACA
Sarah Asquith, ACA

Research Analyst

29 Jul 2025
4 minute read

Key takeaways:

  • Cybersecurity breaches are growing in both frequency and severity, impacting organisations across all sectors, including those who fund in securitisation markets. This has been further exacerbated by rising geopolitical tensions and AI advancements.
  • The operational disruptions and financial losses from cyber attacks pose credit and governance risks, making it crucial for investors and stakeholders to prioritise cybersecurity in their risk assessments.
  • Our securitised team have developed a targeted cybersecurity assessment framework, through which we aim to enhance due diligence processes, improve investor confidence, and strengthen the resilience of our portfolios.
Ian Bettney
Ian Bettney

Portfolio Manager

Ian Bettney is a Portfolio Manager on the Secured Credit Team at Janus Henderson Investors. He is responsible for portfolio management and markets and transaction analysis across the securitised and secured credit markets. Ian joined Henderson in 2005 as a systems accountant and held analyst and assistant portfolio manager roles before becoming a portfolio manager in 2016. Prior to this, he was with STA UK, Ltd, where he was a systems accountant and part of the global financial systems implementation team. Before that, he worked as a financial analyst at EIS and as an operations analyst at Enron Metals and Commodities, Ltd. He started his career at NEIA as an international business development assistant.

Ian holds a bachelor’s degree in business administration from Memorial University and an MSc in financial markets and derivatives from London Metropolitan University. He has 25 years of financial industry experience.

More articles by Ian
Sarah Asquith, ACA
Sarah Asquith, ACA

Research Analyst

Sarah Asquith is a Research Analyst on the Secured Credit Team focused on the ABS sector at Janus Henderson Investors. Prior to joining the firm in 2022, Sarah was at Fitch Ratings from 2019 to 2022, most recently as director, covering consumer ABS within EMEA structured finance. Before that, she was at PwC from 2014 to 2019, most recently as a senior associate in structured finance – banking & capital markets. Additionally, while at PwC, she was client secondment, ABS – Treasury at BMW Financial Services for nine months.

Sarah received a BSc degree (Hons) in accounting & finance from the University of Warwick. She member of the Institute of Chartered Accountants in England and Wales and has 11 years of financial industry experience.

More articles by Sarah

Choose region

Country

Language

What type of investor are you?