Why cyber security should be treated as an ESG issue

EXECUTIVE SUMMARY:

The World Economic Forum describes cyber security as one of the top five global risks, highlighting the need for organizations to integrate cyber security into ESG risk management. As a result, effective oversight of security has become a priority for investors and regulators, who continue to push for robust oversight frameworks. Organizations that lack adequate focus on cyber risk will be considered less resilient and sustainable than their peers, potentially impacting their long-term viability.

By placing cyber security at the center of an ESG strategy, organizations can demonstrate their commitment to strong business governance, and can establish a foundation for enduring economic sustainability. This approach helps protect intangible assets from the impact of potential breaches and safeguards the public and third-parties from the devastating effects of attacks.

Ensuring good governance around cyber security can also limit reliance on cyber insurance, which is growing increasingly difficult to obtain due to the escalating number of breaches.

ESG and cyber security today

While some business leaders do prioritize ESG, they often concentrate on just a few areas or simply address reporting requirements alone. Nearly 45%  of US business executives say that they intend to increase investments in ESG initiatives. Forty-nine percent plan to increase investments related to cyber security. However, despite the dual areas of investment, few organizations are looking at the two together.

When ESG leaders and cyber risk leaders collaborate, better outcomes are achieved, as initiatives can be transformed into strategic brand differentiators that drive greater perceived value and trust.

ESG, cyber security, executive accountability & board oversight

One way in which cyber security and ESG intersect is via executive accountability and board oversight. Ensuring adequate executive accountability and board oversight helps organizations show their commitment to cyber security and ESG, indicating the capacity to manage cyber security risks in a rapidly evolving landscape.

How to address cyber security as an ESG issue

While this list isn’t comprehensive, it provides a helpful starting point:

1. Connect. Your organization’s ESG and cyber security leaders should connect about policies, agendas, new technologies, and strategic ways to conceptualize new developments.

2. Know the data flow. ESG and cyber security leaders may wish to map out the organization’s data flow in order to show how and where data is collected, created, used, shared, and deleted. Questions to consider include ‘How can we enhance trust for stakeholders and consumers alike?’ and ‘Do we retain adequate safeguards?’

3. Strengthen your programs. To better govern data and to ensure greater sustainability, once you know your data, strengthen your cyber security program. Apply industry-recognized frameworks and specialized technologies. With insights from your ESG managers, apply the aforementioned in ways that also reduce business costs and enhance reporting accuracy.

4. Select information to disclose. In a collaborative fashion, ESG leaders and cyber security leaders can select which aspects of programs belong in ESG reporting. A discussion of this topic may enable leaders to see that there may be additional items worth disclosing to more than meet regulatory requirements. This will depend on program maturity and ESG program standards.

For more ESG and cyber security insights, please see CyberTalk.org’s solutions brief. Want to stay up-to-date with trends in technology? Check out the CyberTalk.org newsletter. Sign up today to receive top-notch news articles, best practices and expert analyses; delivered straight to your inbox.

The post Why cyber security should be treated as an ESG issue appeared first on CyberTalk.