Cyber Security

Governance responsibility.

The Investment Manager is committed to working with all of its portfolio company management teams to identify and adopt appropriate cyber security practices and procedures. This continues to be an important area of focus, particularly following the WannaCry ransomware attack on NHS systems in May 2017. Whilst some of the clients of HICL’s portfolio companies were affected, there was no direct impact of this incident on the portfolio companies’ own IT systems at the hospitals within the HICL portfolio.

The Investment Manager provides a cyber security review tool to each portfolio company. The review tool was designed, with input from a third party specialist adviser, to identify potential cyber security risks within each portfolio company, including through engagement with facilities management providers and other subcontractors. The review tool is used by each portfolio company’s board, who employ the services of cyber security specialists if required.

The Investment Manager uses its internal technical expertise for the betterment of the Group’s investments. An example of this is at the Northwest Parkway project. A detailed review of the tolling and IT systems was conducted in 2017 over a three-day period by the Investment Manager’s in-house IT team. Observations made were welcomed by the company’s management team who implemented a number of recommendations during the course of 2018.

The Investment Manager seeks to share best practice between portfolio companies. In 2017, the Investment Manager facilitated an introduction between the management teams of the A63 Motorway and the Northwest Parkway projects, the Group’s two toll roads, to share learnings including in relation to cyber security policies and the implementation of cyber security testing, which was possible by virtue of both projects being part of the HICL portfolio. These discussions have since broadened to include the sharing of operations and maintenance practices.