The group, the asset manager arm of insurer Legal & General, said it wanted companies to identify and monitor information assets as a strategic issue; document the management of the risk through an audit; and make sure awareness of cyber risk was embedded in the culture of the company.

"Cyber security is a significant risk to our investee companies. It is incumbent of us to discuss how company boards are managing cyber security and their digital infrastructure throughout the corporate year," said David Patt, senior analyst for corporate governance and public policy at LGIM.

"We are concerned that many responses we receive to this major corporate risk are insufficient. Boards need to be more aware of their operational environment and emerging threats to their business. Simply put, it can affect a company's value."

(Reporting by Simon Jessop; Editing by Steve Slater)