The article discusses the importance of managing cybersecurity as part of an ESG (Environmental, Social, and Governance) strategy. It emphasizes that cybersecurity is a significant enterprise risk and calls for a paradigm shift in how companies approach and manage cybersecurity and ESG.
The article highlights the impact of cybersecurity on each component of ESG. Under the environmental pillar, cybersecurity is essential for protecting the digital infrastructure of environmental sustainability. In terms of the social component, cyber risk poses threats to national security, public health, and electoral processes. Under the governance component, cybersecurity safeguards financial reporting, administrative systems, and DEI (Diversity, Equity, and Inclusion) initiatives.
The article emphasizes the need for a holistic and comprehensive approach to managing cyber risk in the context of ESG, enterprise risk, and sustainability strategies. It discusses how cybersecurity is recognized by established ESG reporting standards and how regulators are increasingly focusing on cybersecurity governance, processes, and disclosure.
The article suggests integrating cybersecurity and ESG approaches to better coordinate regulatory compliance efforts and adopt a double materiality approach. A double materiality approach considers risks from both a financial value perspective and a broader societal impact perspective, helping companies gain a full picture of enterprise risks and sustainability challenges.
The article highlights the role of boards in managing cybersecurity and ESG. It recommends that boards clarify their cybersecurity leadership and oversight responsibilities, adopt a standardized framework for translating cybersecurity threats into financial terms, and ensure sufficient cyber budgets. It also suggests a collaborative approach among key executives and board committees to integrate cybersecurity into ESG strategy and governance.
Lastly, the article emphasizes that an ESG framework that incorporates cybersecurity considerations and adopts a double materiality approach demonstrates a company’s commitment to responsible business in the digital ecosystem, protecting the sustainability of its own business and the welfare of all stakeholders.