Environmental, Social and Governance (ESG) has become vital to enterprises across all verticals in terms of overall corporate strategy, in line with the United Nations’ Agenda 2030 and its sustainability goals. This trend has also become a strategic business issue driven by customer demand, regulations, employee engagement, and investor requirements. Moreover, Covid-19 has emphasized the importance of an enterprise’s social and environmental responsibility.
Consequently, many companies have developed and are following a corporate strategy for ESG, setting and working towards achieving their ESG commitments over the next few years. Such commitments include becoming carbon-neutral by 2040-2045, which was reinforced by the alliances and commitments made at the COP26 event, the global United Nations summit. Previously, sustainability was the only key buzzword when it came to issues about saving the planet. However, it now also encompasses citizens, governments, regulators, and the media, all piling pressure on corporations to address climate change, social injustices and inequality, corruption, and ethics, to name a few.
In the same vein, exponential increases in cybersecurity attacks across organizations and governments are impacting global businesses, particularly in verticals like finance, healthcare, oil and gas, and retail. A number of large corporations have experienced major disruptions to their operations and markets, resulting in some economists predicting losses of more than $1.1tn worldwide. Covid-19 has also created shutdowns and major disruptions in employee working styles and supply chains in all sectors, and in particular across government, finance, manufacturing, IT, and media. Against this backdrop, consumers, third-party enterprises and investors are placing further scrutiny on the potential impact on data, brand, financial vested interests, and supply chains. With this in mind, GlobalData predicts that there will be greater use of ESG metrics in future cybersecurity investments. The fine details of what these will entail are up for debate and will no doubt change. However, in line with the fundamental building blocks of an ESG framework, they could cover adequate provisions to limit future cybersecurity risks through compliance with assessments that take into consideration the impact on operations, company performance, brand, customers and shareholder value.
From a governance perspective, they will include an enterprise’s approach to good governance when addressing issues like ransomware, by involving the wider executive board within the business and by using better reporting metrics. Social responsibilities could include better processes and systems for securing data across customers (consumers and enterprises), supply chains and the technology supporting them, to increase consumer and brand confidence. Lastly, ‘Risk and Trust’ are two key prerequisites that will be required across all IT systems and technologies that play a role in an organization’s operational setup and affect its ESG compliance. In both of these areas, an organization’s approach to its cybersecurity policy will play a fundamental role in privacy, reliability, and compliance when it comes to data.
The role of cybersecurity in ESG is still in its infancy. However, the time to act is now: for cybersecurity providers, to help increase their wallet share and drive market differentiation, and for enterprises, to gain market confidence and brand loyalty with their customers.