ESG Strategies: Three reasons why Cybersecurity is Important

What is ESG?

ESG stands for “environment, society and good governance” and represents a stakeholder-centered approach to business. As ESG becomes increasingly crucial for managers, it is essential to consider the global nuances that define the focus from region to region. Companies that adhere to ESG standards commit to behaving ethically in the three areas mentioned above and can adopt a range of ESG strategies, tactics, and solutions to achieve a more sustainable and ethical world.

How is cybersecurity related to ESG Strategies?

For example, the 2021 editions of AXA’s “Future Risks Report” and the World Economic Forum’s “Global Risks Report” highlight climate change and cybersecurity as key challenges for the next decade.

Cyberrisk is the most immediate and financially significant sustainability risk facing organizations today. According to the World Economic Forum, companies need to start treating cyber security as part of ESG strategies. By using appropriate tools and metrics, those who do not implement good governance regarding cybersecurity will be less resilient and less sustainable.

The adjusted average total cost of a data breach rose to $4 million per company in 2020. The popularity of remote working also contributed, increasing the average total cost of a data breach by nearly $137,000, according to J.P.Morgan.

In the rapidly evolving digital economy, cybersecurity is no longer the domain of the software industry alone. It is becoming an important topic for business leaders, global investors, and players in all industries that deal with cyber technology and private customer data.

The social impact of cybersecurity and its technological implications are gaining interest from a much broader group of people.

Threat to value

The intangible value currently represents 90% of an organization’s asset value and has more than tripled in the Standard and Poor’s 500 index over the past 35 years. During the COVID-19 pandemic, organizations accelerated the digitization of their assets.

Today, data, including personal, financial, security, or behavioral data, is perhaps the most critical intangible asset in determining a company’s value.

If a company grows, so does its intangible value, which in effect, increases the potential impact of a cybersecurity breach, as well.

Threat to society

In the name of consumer convenience, organizations in all sectors have rapidly embraced digital transactions.

A record number of identity thefts occurred in 2021, 23% more than the previous record. They are almost ubiquitous in government agencies, financial and insurance services, health care and utilities, and consumer goods. This, of course, leads to more significant cybersecurity risks.

Data breaches can have a huge impact on people. Hackers are increasingly targeting data and healthcare facilities, affecting the quality of care for the entire community.

Threat to a sustainable future

Cyber risks, such as attacks on critical infrastructure or other grid systems designed as part of renewable energy transition projects, threaten the integrity of sustainability investments.

The reverse is also true: climate-related risks, along with social unrest, create numerous vulnerabilities in system reliability, computer network defense, and security. Because our social, physical, and cyber domains are interconnected, factors in one system can unintentionally affect others.

What about insurance against the threats?

Instead of instituting governance around cybersecurity, organizations rely heavily on insurance to manage risk. However, as courts rule in favor of policyholders, insurers will continue to limit the scope of cyber insurance coverage and restrict the extent to which organizations can rely to mitigate risk.

This makes understanding and managing risk more important than ever, especially since regulatory fines alone can bankrupt an organization.

Hence, cybersecurity should be part of ESG

ESG frameworks are a tangible tool for assessing corporate behavior. Including cyber security would add a new dimension, providing insight into cyber behavior and risks that are a crucial part of the larger ESG picture.

Given the complexity of the new business models and the increasing size of many technology companies, government regulation alone cannot realistically address all companies. A standardized analytical framework could set a precedent for effective governance, and ESG would be an effective one.

Andrea Nyilas is a Life Cycle Assessment and Sustainability Consultant and a Sustainability and Environmental journalist. She holds a Master of Science degree in Environmental Sciences and Policy from Central European University, in addition to a Master of Arts degree in Economics from the Corvinus University of Budapest. She is particularly interested in circular economy, natural resource management, and waste reduction.