This month’s newsletter explores the evolving landscape of cybersecurity within the realm of Environmental, Social, and Governance (ESG) and discusses why it is crucial for organisations to prioritise cyber security as an integral part of their ESG strategies.
We discuss why cyber security is becoming an increasingly important element of ESG due to:
- Heightened public awareness of data privacy and the protection of digital identities, which requires organisations to establish trust in their consumer relationships;
- The threat from cyber security incidents to national infrastructure and the environmental and social impact of any resulting disasters; and
- The ever-increasing reliance on interconnected supply chains, in which it is critical to prevent vulnerabilities and breaches that could impact the integrity and reliability of products and services.
Cyber Security is an important environmental, social, and governance (ESG) consideration.
As businesses worldwide embrace the principles of Environmental, Social, and Governance (ESG) investing, there is a rapidly increasing focus on cybersecurity within these initiatives. The rising prevalence of cyber threats and data breaches has highlighted the critical role that cybersecurity solutions play in safeguarding companies’ ESG objectives.
Increased awareness of cyber security among consumers
Well-publicised security concerns related to TikTok and social media data breaches, together with the introduction of tools such as ChatGPT or Bard, have significantly raised the public’s consciousness of socially acceptable cyber security practices. Consumers are becoming far more educated about the security of their digital identities. Effective data privacy practices are crucial steps in building and maintaining consumer trust and confidence.
Increased focus on cyber security as an element of ESG investment
Investors have also taken note of cyber security as an important driver of ESG.
A recent study conducted by Sustainalytics assessed the impact of cyber security incidents on stock prices. It concluded that, on average, the stock price of organisations with stronger ESG Management Indicator Scores in Data Privacy and Security performs better in relation to the sector benchmark one year post-breach, whereas those with adequate and lower scores underperform significantly.
In another study related to responsible investment conducted by RBC, cyber security was rated as the second most important ESG issue for global investors.
How cyber security fits into the ESG pillars
The convergence of ESG and cyber security arises from the recognition that robust cyber security practices are essential for sustainable business operations. Cyber threats pose significant risks to environmental initiatives, social welfare, and effective governance.
- The Impact of Cyber security on Environmental Initiatives: ESG investing has placed a heightened emphasis on environmental sustainability. However, the digitalisation of operations and the Internet of Things (IoT) have increased the attack surface for cybercriminals, potentially undermining environmental objectives. For instance, cyberattacks targeting critical infrastructure can disrupt energy grids, causing environmental harm and hampering sustainable development. Robust cybersecurity measures are thus necessary to protect the integrity of environmental projects and maintain trust in ESG commitments.
- Safeguarding Social Responsibility through Cyber Security: Social responsibility is a fundamental pillar of ESG, encompassing issues such as diversity, labour practices, and data privacy. Cyber security breaches can compromise personal data, leading to identity theft. A significant breach of personal and financial data can have a detrimental impact on people’s financial and social welfare, while attacks on critical infrastructure will have a direct impact on people’s lives. By implementing strong cyber security measures, companies can protect the privacy rights of individuals in the digital age.
- Cyber security and Responsible Governance: Effective governance is essential for companies aiming to align with ESG principles. Cybersecurity breaches can result in legal and regulatory violations, erode public trust, and undermine responsible governance practices. Ensuring the security of data, protecting against cyber threats, and complying with privacy regulations are crucial elements of responsible governance that organisations must prioritise to maintain ESG credibility.
- Operational Resilience and ESG: The integration of ESG principles into operational resilience is crucial for organisations aiming to build sustainable and robust business practices. Disruptions to normal operations can threaten the continuation of any newly designed sustainable practices. Incorporating resilient cyber security methods that reduce the risk of outages or interruptions can prevent the erosion of ESG improvements.
- Third-Party Supply Chains: Outages such as the infamous NotPetya ransomware attack highlighted the extent of interconnectedness in the digital economy. Likewise, ESG programmes rarely end at an organisation’s perimeter and involve gaining assurance over the practices of suppliers and partners. Third-party ESG discussions should therefore include cyber security requirements in order to mitigate exposures created by third-party practices.
To truly embody ESG principles, companies must integrate cyber security considerations into their overall strategies. This involves assessing and addressing cybersecurity risks, implementing robust controls, conducting regular audits, and fostering a culture of cybersecurity awareness within the organisation.
As the digital landscape continues to evolve, it is crucial for companies to prioritise cyber security as a foundational element of their ESG commitments, ensuring a secure and sustainable future for all stakeholders.
By JJ Gericke, Senior Manager, ThreeTwoFour