Where is the "C" in ESG?

In the contemporary data-centric landscape, cybersecurity stands out as a paramount concern for the global economy and remains among the foremost risks confronting businesses on a global scale. Data represents a substantial 90% of the value attributed to intangible assets across various companies. With the average cost of a data breach soaring higher year on year, the implications have reached unprecedented levels. Consequently, it's no wonder that cybersecurity is increasingly taking center stage on corporate Environmental, Social, and Governance (ESG) agendas.

 In contemporary discourse, cybersecurity has become an essential component of Environmental, Social, and Governance (ESG) considerations. Its recognition as an ESG topic began to solidify in the late 2010s, primarily within the realm of governance, aligning it with the "G" in ESG. Established ESG reporting frameworks like the Global Reporting Initiative (GRI) and the Sustainability Accounting Standards Board (SASB) have subsequently recognized the material significance of cybersecurity within corporate sustainability strategies.

Below are some examples on how cyber threats can negatively impact your ESG goals:

Environmental pollution: Instances such as a facility's leak detection system malfunctioning or hackers gaining control of industrial systems can result in water and soil contamination. 

Occupational health and safety: Unexpected shutdowns of safety systems can lead to severe accidents, including injuries and fatalities, particularly in manufacturing operations.

Product and service safety: Products may require recall due to cybersecurity vulnerabilities or susceptibility to hacking.

Alternative Cyber Security Solutions: Organizations opting to have feature specific cyber security solution or even choosing to have a secondary datacenter for resilience may only increase the CO2 footprint.  

Freedom of press and speech: Policymakers and Press significantly impact societal development through digital communication channels. Legal protection, digital and media literacy promotion, and fostering diversity and inclusion online is common. However, such online platforms that champion free speech face threats like eavesdropping, surveillance, and potential shutdowns due to cyber risks.

How Can Your Organization Effectively Address Cybersecurity Concerns while meeting the ESG goals?

To effectively tackle cybersecurity concerns, it's imperative to prioritize it within corporate Environmental, Social, and Governance (ESG) strategies and endeavors. Companies that have yet to implement best practices should take immediate steps to fortify their cybersecurity readiness. Here are key actions your organization can undertake to mitigate cybersecurity risks:

1. Integrate Cybersecurity into ESG Strategy (Decarbonization, CO2 reduction and Circular Economy): Acknowledge that cybersecurity now holds a pivotal role in ESG considerations. Incorporate cybersecurity initiatives and reporting into your ESG agenda, with top-down leadership support being crucial.

2. Establish Strong Governance Mechanisms: Ensure accountability for cybersecurity at the C-suite level, treating it as a business risk rather than solely an IT concern. Implement dedicated committees and conduct regular risk assessments.

3. Invest in Employee Training and Culture: Provide comprehensive cybersecurity training to all employees and cultivate a culture of security awareness through regular activities, quizzes, and simulated cyberattacks.

4. Leverage Advanced Cybersecurity Technologies: Invest in cutting-edge cybersecurity technologies, expertise, and tools to proactively stay ahead of evolving cyber threats. Ideally, implement 24/7 Security Monitoring and Incident Response Plans for immediate threat detection and response.

5. Explore Emerging Capabilities: Consider adopting emerging technologies and practices to bolster cybersecurity efforts, such as Artificial Intelligence (AI) and Machine Learning for real-time threat detection, Cyber Threat Intelligence, and a Zero Trust Architecture.

Pramod Kuksal

VP, CISO and Cyber Security Advisor