Macro Insight
I Feel Like Somebody's Watching Me

Macro Insight

I Feel Like Somebody's Watching Me

I always feel like somebody’s watching me.
And I have no privacy.
– Rockwell


The  lyrics to Rockwell’s 1984 hit Somebody’s Watching Me are the musings of a paranoid individual worried that his neighbours, his mailman and the IRS are watching him. Notable for Michael Jackson’s unaccredited backing vocals — who had his own anxieties surrounding privacy — the song foreshadowed broader society’s privacy concerns which have accompanied technological advances. Coincidentally, 1984 was also the year the first U.K. Data Protection Act was passed. Since then, concerns about data privacy and cybersecurity have grown far beyond the snooping mailman, due to the internet, the volume of data gathered and developments from spyware to smart TVs that actually do watch back.

For investors who consider such factors, data privacy falls within the Social pillar of Environmental, Social and Governance (ESG) considerations and, in our opinion, are of material importance. It appears that investors have begun to recognise that these attributes can translate into tangible value.

Regulations and relationships are changing

For those who invest with an eye toward ESG factors, recent regulations on data protection could influence their investment decisions. In May 2018, the European Union (EU) General Data Protection Regulation (GDPR) will become effective. Its goal: To give EU citizens control over their personal data.  

The relationship between companies and consumers is likely to change as a result, with implications for consumers, companies, sectors, investors and geopolitics. Because large companies are global—trading with Europe and using European data—the GDPR regulation will likely have far-reaching effects with respect to how these companies handle this personal data.

The GDPR provides a strict compliance regime with significant penalties for non-compliance of up to 4% of a company’s annual global turnover or €20 million, whichever is higher1. Along with responsibility, accountability (making automated decisions such as profiling contestable), explicit consent, and data portability, the regulations include a new right to erasure, a more limited version of the right to be forgotten.


In the past, data breaches in the EU often went unreported. Under new regulations, an organisation has 72 hours to notify the relevant local authority of a regulatory breach.

The GDPR provides a good case in point that investors who purchase shares of companies that are behind the curve in terms of data privacy protection capabilities and general cybersecurity – could be assuming real risks. Potential lawsuits, reputational damage, revenue loss, intellectual property theft and the cost of infrastructure repairs to prevent future breaches are significant risks on their own. The prospect of a fine bolsters the case for considering a company’s strict adherence to the regulations when considering potential investment.

Your data can be sold . . .
Data is obviously worth a lot more than people are being paid for it right now, since they generally give it away for free. But if you have privacy rights over your data, you could start to charge for it.  For industries that have grown up around a model of data being free, this could lead to significant disruptions.

There is a massive amount of information now being put into a form that could be subject to ownership rights. That data was already owned by the companies who collected it, analysed it and sold it for big profits. The GDPR explicitly provides ownership rights for this sort of data – the kind that has commercial value – at the individual, data-subject level.

Ownership rights create a number of considerations—potential for theft, misuse, nation-state applications—but they also create enormous investment opportunities. In recent years, companies have been created specifically to allow businesses to understand what content they have on people, to give them the ability to report, to move the data from one place to another, to erase it and often to use to enhance their profits.

. . . so what is your price?

Looking at the sensitivity of data and people’s willingness to share it can lead to a tradeoff. Medical data, for example, is highly sensitive. But if people feel it will be used for either their personal health benefit or the broader good, they may be more willing for it to be widely used than would be the case for financial data, where sharing seems like more of a threat (Display 1). 


Display 1: How much would you charge to share your personal data?

This distinction could have a strong bearing on how much people would charge for the data when they have control over it. Because sharing health data brings additional benefits, data subjects might sell it for a cheaper price than they would with financial data. Similarly, social media offers a “value exchange” with the consumers getting a direct benefit from allowing their data to be collected. But where the value is more biased towards the company, will this reduce the willingness of consumers to give consent for data collection?

Cybersecurity:  A new growth industry

One prominent consequence of the privatisation of data is that it is an asset requiring protecting against theft, which entails an enormous increase in security. The number of security incidents against companies has been rising at over 60% a year since 2008, and the attacks themselves are becoming increasingly sophisticated (Display 2). In 2014, it was reported that businesses suffered $400 billion p.a. worth of losses attributable to cybercrime.2

In a recent study that tracked people’s major global security threat concerns across 18 countries, for example, Japan identified cybersecurity as its top concern, beating out risks like ISIS (the top

concern in Europe) and climate change (Africa, Latin America). The U.S., Germany and the U.K. all considered cyberattacks their second biggest security threat3.


Display 2: Data security threats rising rapidly

Even companies that are doing a good job of protecting their data can be vulnerable to blackmail, disinformation and destruction for its own sake from the likes of highly motivated activists with their own agendas, terrorist groups and criminal organisations. One of the two biggest recent global attacks was the WannaCry ransomware attack, which illustrated the threat posed when entities do not update their software or continue to use outdated systems that cannot be patched. The chief risks posed by cyberattacks are business disruption, information loss and subsequent revenue loss (Display 3). The 2017 version of Petya was substantial enough to cause at least one firm to revise its estimated sales growth forecasts. 


Display 3: Cyber attacks are costly and disruptive

Source: Ponemon Institute, HP, 2015 Cost of Cyber Crime Study, October 2015. Morgan Stanley Research - Sustainability: Sustainable and Responsible: ‘Investor Roadmap on Cyber Security’, published 28 October 2015.


As a result of such cyber threats, spending on security software in the Americas, EMEA and Asia Pacific (including Japan) is on a consistent upward trend, with highest spending in the U.S.  – also the most advanced country in terms of legislation (Display 4). We would not be surprised to see other regions catch up with the U.S. in time, creating opportunities in these areas. The enforcement of the GDPR for instance, should increase cyber security spending in Europe. This supports our more general view that the economy is undergoing not just a cyclical increase in investment, but also positive secular trends.

We have observed in previous commentaries that business fixed investment has been low for many years, with companies running on old equipment. Recent cyberattacks have shown that this includes old computer technology. Given the increasing cyber risks, and regulation, it seems plausible that the increase in U.S. business fixed investment seen in the last two quarters might also, include increased spending on computer software and hardware4. Furthermore, as cyberattacks become more sophisticated, companies will have to continue to invest if they are to evolve their defences and keep up with the attackers.



Display 4 (part 1, to be shown at top or left side)
New economy: Cyberdefence spending rising . . .

Spending on security software technology in EMEA lags spending in the Americas by ~50% despite
similar GDP


Source: IDC. Morgan Stanley Research - Sustainability: ‘Data Privacy: EU GDPR “Security Solutions Stocks”’, published 16 May 2017. APJ is Asia Pacific and Japan.



Display 4 (part 2, to be shown at bottom or right side)
. . . and there is room grow

Security spending also lags in EMEA as a % of GDP, highlighting a material opportunity to bolster cyberdefences in Europe


Source: IDC. Morgan Stanley Research - Sustainability: ‘Data Privacy: EU GDPR “Security Solutions Stocks”’, published 16 May 2017. APJ is Asia Pacific and Japan.


In terms of opportunities, the flip side of cyberdefence is cyberattack, and nations are increasingly investing in cyberwarfare technology. This could lead to the creation of an entire new cyber weapons industry, with both defensive and offensive capabilities requiring significant investment and spending. Cyberwarfare also presents not only an economic opportunity, but a potential geopolitical threat – something else for investors to consider.

Social factors impacting performance

Opportunities are not limited to the investment side. Stock prices also appear to react to how well companies handle privacy along with other ESG issues. Looking at a one-year period ending June 2017, we found that in the U.S., Europe and Japan social score was positively associated with stock market performance in the information technology sector. In that sector, companies with the highest social scores were also the best performers over the last year in all three regions (Display 5).


Display 5: Strong link between IT sector social scores and stock returns

This index performance is provided for illustrative purposes only and is not meant to depict the performance of a specific investment. Past performance is no guarantee of future results.  See Disclosures for index definitions.

Performance of IT sector stock baskets constructed based on social score. Source: MSIM. Data based on Sustainalytics and Datastream. Performance data from 30 June 2016 to 30 June 2017, scores as of 30 June 2016. Based on social score; the number of stocks examined is shown in brackets next to sector name. U.S. equities are based on the S&P 500 constituents, European equities are based on the MSCI Europe constituents and Japanese equities are based on the MSCI Japan constituents.


Of all the globally recorded data breaches in 2016, 80% occurred in the U.S.However, data issues are probably the most advanced in the U.S. because the firms that have been privatising the data are mostly located there, coupled with greater legislation and reporting requirements. In 2016, the technology sector had the greatest number of records experiencing security breaches, accounting for 28%6 of all breaches. The growth of the “Internet of Things”, with now billions of connected items, will likely open up new sectors to the risk of cyberattack, from household items to medical devices to autonomous vehicles.

Understanding cybersecurity and acting as responsible shepherds of their customers’ data contributes to reduced risk for companies, and could lead to more attractive cost of capital and lower operating costs.

Conclusion: Somebody is watching you

What was paranoia in 1984 is reality in 2017. Somebody is watching you and gathering your data in previously unimaginable quantities. But with regulations like the GDPR, in Europe you as the data-subject will own that data. This increase in regulation is one part of the broader disruptive change happening to industries across the global as a result of the fast evolving cyber environment. The risks and costs to companies of not keeping up with change is evidently great, be it in the form of fines, reputational damage or even lower productivity as a result of exposure to cyberattacks – each of which can have a genuine impact on companies’ profitability. Therefore, data privacy and security, within the Social pillar of ESG concerns, is evidently a factor worth considering when assessing investment opportunities. For investors, this trend will open up new markets, risks and potential opportunities along the way.

Managing Director

1 Morgan Stanley Research - Sustainability: ‘Data Privacy: EU GDPR “Security Solutions Stocks”’, published 16 May 2017. Also stated on the EU GDPR website:

2 Morgan Stanley Research: Sustainability Key Themes and Investing Trends for 2017, published 11 January 2017. Source: Centre for Strategic and International Studies (2014).

3 Source: Pew Research Center, August, 2017, “Globally, People Point to ISIS and Climate Change as Leading SecurityThreats. Concern About Cyberattacks, World Economy also Widespread.”

4 Source: Bureau of Economic Analysis (BEA) News Release: Gross Domestic Product: Second Quarter 2017 (Advance Estimate). Data as of 8 August 2017. Q1 and Q2 2017 estimates show a particularly striking increase in investment growth of 7.2% and 5.2% respectively. This can be attributed mainly to spending increases in infrastructure and equipment. Forecasts/estimates are based on current market conditions, subject to change, and may not necessarily come to pass.

5 Source: 2016 Mining for Database Gold: Findings from the 2016 Breach Level Index, Gemalto.


This commentary is for use of Professional Clients only, except in the U.S. where the material may be redistributed or used with the general public.

The views and opinions are those of the author as of the date of publication and are subject to change at any time due to market or economic conditions and may not necessarily come to pass. Furthermore, the views will not be updated or otherwise revised to reflect information that subsequently becomes available or circumstances existing, or changes occurring, after the date of publication. The views expressed do not reflect the opinions of all portfolio managers at Morgan Stanley Investment Management (MSIM) or the views of the firm as a whole, and may not be reflected in all the strategies and products that the Firm offers.

Forecasts and/or estimates provided herein are subject to change and may not actually come to pass. Information regarding expected market returns and market outlooks is based on the research, analysis and opinions of the authors. These conclusions are speculative in nature, may not come to pass and are not intended to predict the future performance of any specific Morgan Stanley Investment Management product.

Certain information herein is based on data obtained from third party sources believed to be reliable. However, we have not verified this information, and we make no representations whatsoever as to its accuracy or completeness.

The information herein is a general communications which is not impartial and has been prepared solely for information and educational purposes and does not constitute an offer or a recommendation to buy or sell any particular security or to adopt any specific investment strategy. The material contained herein has not been based on a consideration of any individual client circumstances and is not investment advice, nor should it be construed in any way as tax, accounting, legal or regulatory advice. To that end, investors should seek independent legal and financial advice, including advice as to tax consequences, before making any investment decision.

There is no assurance that a strategy will achieve its investment objective. Portfolios are subject to market risk, which is the possibility that the market values of securities owned by the portfolio will decline. In general, equities securities’ values also fluctuate in response to activities specific to a company. Stocks of small- and medium-capitalization companies entail special risks, such as limited product lines, markets and financial resources, and greater market volatility than securities of larger, more established companies. Investments in foreign markets entail special risks such as currency, political, economic, market and liquidity risks. Illiquid securities may be more difficult to sell and value than publicly traded securities (liquidity risk). Non-diversified portfolios often invest in a more limited number of issuers. As such, changes in the financial condition or market value of a single issuer may cause greater volatility.

Charts and graphs provided herein are for illustrative purposes only.

Past performance is no guarantee of future results.

The indexes are unmanaged and do not include any expenses, fees or sales charges. It is not possible to invest directly in an index. Any index referred to herein is the intellectual property (including registered trademarks) of the applicable licensor. Any product based on an index is in no way sponsored, endorsed, sold or promoted by the applicable licensor and it shall not have any liability with respect thereto. The S&P 500® Index measures the performance of the large cap segment of the U.S. equities market, covering approximately 75% of the U.S. equities market. The Index includes 500 leading companies in leading industries of the U.S. economy. The MSCI Europe Index is a free float-adjusted market capitalization index that is designed to measure developed market equity performance in Europe. The term "free float" represents the portion of shares outstanding that are deemed to be available for purchase in the public equity markets by investors. The performance of the Index is listed in U.S. dollars and assumes reinvestment of net dividends. The MSCI Japan Index is a free-floated adjusted market capitalization weighted index that is designed to track the equity market performance of Japanese securities listed on the Tokyo Stock Exchange, Osaka Stock Exchange, JASDAQ and Nagoya Stock Exchange. The MSCI Japan Index is constructed based on the MSCI Global Investable Market Indices Methodology, targeting a free-float market capitalization coverage of 85%

This communication is not a product of Morgan Stanley’s Research Department and should not be regarded as a research recommendation. The information contained herein has not been prepared in accordance with legal requirements designed to promote the independence of investment research and is not subject to any prohibition on dealing ahead of the dissemination of investment research.

This commentary is only intended for, and will be only distributed to, persons resident in jurisdictions where distribution or availability would not be contrary to local laws or regulations.

There is no guarantee that any investment strategy will work under all market conditions, and each investor should evaluate their ability to invest for the long-term, especially during periods of downturn in the market. Prior to investing, investors should carefully review the strategy’s / product’s relevant offering document. There are important differences in how the strategy is carried out in each of the investment vehicles.


This communication was issued and approved in the United Kingdom by Morgan Stanley Investment Management Limited, 25 Cabot Square, Canary Wharf, London E14 4QA, authorized and regulated by the Financial Conduct Authority, for distribution to Professional Clients only and must not be relied upon or acted upon by Retail Clients (each as defined in the UK Financial Conduct Authority’s rules).

Financial intermediaries are required to satisfy themselves that the information in this document is suitable for any person to whom they provide this document in view of that person’s circumstances and purpose. MSIM shall not be liable for, and accepts no liability for, the use or misuse of this document by any such financial intermediary. If such a person considers an investment she/he should always ensure that she/he has satisfied herself/himself that she/he has been properly advised by that financial intermediary about the suitability of an investment.


A separately managed account may not be suitable for all investors. Separate accounts managed according to the Strategy include a number of securities and will not necessarily track the performance of any index. Please consider the investment objectives, risks and fees of the Strategy carefully before investing. A minimum asset level is required. For important information about the investment manager, please refer to Form ADV Part 2.

Please consider the investment objectives, risks, charges and expenses of the funds carefully before investing. The prospectuses contain this and other information about the funds. To obtain a prospectus please download one at morganstanley. com/im or call 1-800-548-7786. Please read the prospectus carefully before investing.

Morgan Stanley Distribution, Inc. serves as the distributor for Morgan Stanley Funds.



This document has been issued by Morgan Stanley Asia Limited for use in Hong Kong and shall only be made available to “professional investors” as defined under the Securities and Futures Ordinance of Hong Kong (Cap 571). The contents of this document have not been reviewed nor approved by any regulatory authority including the Securities and Futures Commission in Hong Kong. Accordingly, save where an exemption is available under the relevant law, this document shall not be issued, circulated, distributed, directed at, or made available to, the public in Hong Kong.


This document should not be considered to be the subject of an invitation for subscription or purchase, whether directly or indirectly, to the public or any member of the public in Singapore other than (i) to an institutional investor under section 304 of the Securities and Futures Act, Chapter 289 of Singapore (“SFA”), (ii) to a “relevant person” (which includes an accredited investor) pursuant to section 305 of the SFA, and such distribution is in accordance with the conditions specified in section 305 of the SFA; or (iii) otherwise pursuant to, and in accordance with the conditions of, any other applicable provision of the SFA. In particular, for investment funds that are not authorized or recognized by the MAS, units in such funds are not allowed to be offered to the retail public; any written material issued to persons as aforementioned in connection with an offer is not a prospectus as defined in the SFA and, accordingly, statutory liability under the SFA in relation to the content of prospectuses does not apply, and investors should consider carefully whether the investment is suitable for them.


This publication is disseminated in Australia by Morgan Stanley Investment Management (Australia) Pty Limited ACN: 122040037, AFSL No. 314182, which accept responsibility for its contents. This publication, and any access to it, is intended only for “wholesale clients” within the meaning of the Australian Corporations Act.

All information contained herein is proprietary and is protected under copyright law.

Morgan Stanley Investment Management is the asset management division of Morgan Stanley.

This document may be translated into other languages. Where such a translation is made this English version remains definitive. If there are any discrepancies between the English version and any version of this document in another language, the English version shall prevail.

CRC 1886984 Exp 9/1/2018

Check the background of our firm and registered representatives on FINRA's BrokerCheck

It is important that users read the Terms of Use before proceeding as it explains certain legal and regulatory restrictions applicable to the dissemination of information pertaining to Morgan Stanley Investment Management's investment products.

The services described on this website may not be available in all jurisdictions or to all persons. For further details, please see our Terms of Use.

Not FDIC Insured—Offer No Bank Guarantee—May Lose Value
Not Insured By Any Federal Government Agency—Not A Deposit

Privacy & Cookies    •    Terms of Use

©  Morgan Stanley. All rights reserved.

Morgan Stanley Distribution, Inc. Member FINRA/SIPC.