ESG and Cyber Security

13 March 2024

Trust in institutions has taken a battering in recent years, from accounting and banking scandals, environmental mismanagement, declining education outcomes, to the widespread perception that many nations are governed by a ‘uniparty’ that can never be removed from power regardless of election outcomes.

To counter this erosion in confidence, the environmental, social, and governance (ESG) movement has emerged to hold organisations to account across a range of criteria. This movement demands that corporate entities answer not only to their shareholders, but also to the societies that support them. In addition to protecting the environment and acting ethically, an argument can be made that cyber security forms a critical part of the ESG agenda.

Organisations must appreciate that they are viewed as custodians of private and sensitive data that relates to contractors, customers, third parties, and other related entities. Any breach of this data is rightly perceived as a failure to protect information, and the consequences can ruin lives. Financially motivated hackers sell and trade private data online so it can be used to commit fraud, which can have devastating personal impacts on those affected by identity theft.

Following the Optus hack of 2022, the company paid for the replacement of thousands of Australian driver’s licences because they had been compromised during the cyber-attack. The loss of trust and the reputational and financial damage from such a breach are difficult to quantify, but such a failure certainly adds to the erosion of confidence in institutions that have previously been considered incorruptible.

Leading global investment firm Nomura takes into account an investee firm’s cyber security performance as part of its ESG scoring system, and KPMG noted in a recent report that cyber security is not only applicable to the governance aspects of ESG, but also has social and environmental implications. A cyber-attack on an electricity power plant or nuclear reactor site, for example, poses a potential environmental catastrophe of epic proportions.

Various ESG reporting systems have emerged in recent years to provide organisations with guidelines relating to ethical and sustainable operations, along with key metrics that can be measured. There are also specific IT security standards and frameworks, including the well-known ISO 27001 and government guidelines such as the Essential Eight. There are many basic steps that organisations can undertake to improve their cyber security, enhance their overall resilience, and score higher on ESG metrics.

These include:

  • Employee training and development: Regular training updates for all employees on security best practices to create a culture of cyber awareness.
  • Technology: Investment in advanced cyber security technologies, expertise, and tools helps organisations remain ahead of cyber threats. For example, a company may invest in 24×7 SOC capabilities to achieve greater protection.
  • Return on investment: The impact on the bottom line drives many corporate decisions, so putting a dollar return on security spending can help highlight the importance of this investment.
  • Cyber Threat Intelligence: Utilising threat intelligence to pre-emptively identify emerging threats and vulnerabilities can help prevent attacks altogether.

The move toward broadened organisational accountability is only set to grow in coming years. Intangible assets that are not physical in nature, such as business data, now represent 90% of asset value in organisations, having more than tripled in Standard and Poor’s 500 index in the past 35 years. The protection of these assets is critical to business survival. Modern societies can only operate when citizens trust the institutions that they rely on to survive, and the ESG movement reflects the importance of this confidence.

For assistance with your cyber security governance issues, contact Intalock today.   
