Why cyber risk is a core part of ESG

As COP27 takes place, it is a reminder of how interwoven ESG will be in the future of the financial marketplace. KYND, a cyber risk technology developer, has released a report exploring the unsung hero of ESG – cyber risk.

It stated that there is rising demand for transparency, and this dictates new additions to the regular standards in assessing a company’s sustainability and its societal impact. However, current ESG processes are forgetting the importance of cyber risk.

ESG frameworks were created to show a company’s stance on the environment, their societal impact, and how the company is governed. The aim was to protect investors and provide them with greater transparency. However, without accounting for cyber risk, many of these investors are at risk.

KYND explained that cyber risk is typically ranked as the most immediate and financially significant risk facing businesses. ESG strategies pose a great opportunity to incorporate cyber risk management into ESG governance.

It said, “Not only would this bolster and secure the work already done by ESG frameworks to make companies more sustainable, but it would provide a new baseline for good cyber hygiene in corporate culture. Ultimately investors want to know their investment is secure and sustainable, and cyber risk management is vital to that process.”

The question is, how much risk is ESG facing?

The risks

One of the biggest threats posed is to a firm’s environmental factors. It stated that cyberattacks are becoming more and more common and the recent cyber incidents in the oil and gas industry, such as the Colonial Pipeline hack, show how cyber risk should be a top priority for firms wanting to secure their ESG initiatives.

Additionally, cyber risks are also linked to environmental risks. KYND explained that the effects of climate change, such as floods, heatwaves and wildfires, all pose a threat to business operations, including system availability, and health and safety. Similarly, attacks on critical infrastructure sectors also pose major risks, with the threat of stopping production, hindering the integrity of safety-critical systems or even causing physical damage.

For example, KYND pointed to a recent attempted cyberattack in 2021 on a Florida water treatment facility. If successful, the attack would have increased the amount of sodium hydroxide in the water to an incredibly dangerous and toxic level.

“The fallout from a cyber attack that targets the environment in this way would be completely devastating, demonstrating how utterly crucial it is for a company to implement an effective cyber risk management strategy into their ESG framework.”

Social factor risks

The next major risk faced by companies is the societal impact. KYND stated that criminals are often seeking to steal data for identity theft, financial theft and realistic phishing attacks. If a company falls victim to an attack, then customer data is vulnerable to being stolen and used for illicit activity.

The war in Ukraine has highlighted the risks data theft poses. KYND stated that government and financial websites have been under consistent cyberattacks, as well as NGOs, non-profits and aid organisations. These have disrupted relief efforts and helped spread fake news.

“Never has the link between cyber risk management strategies and the impact on a business’ ESG framework been more stark than in this time of humanitarian crisis and geopolitical turmoil. To prevent this from happening to your investments, effective cyber risk monitoring should go hand in hand with formulating an ESG management strategy in order to avoid widespread damage.”

The risk to governance factors

The final major risk that KYND pointed to was with governance factors. It stated that investor companies are increasingly subjecting organisations to greater regulations and compliance checks before investing.

Around 90% of an organisation’s asset value is intangible. This includes aspects such as brand recognition, trademarks, copyright, intellectual property and proprietary technology. As companies accelerate their digitalisation efforts, this intangible value will only increase.

KYND stated that the increased asset digitisation has already made data the world’s most valuable asset.

“Think of the amount of data each of your investments gather and process daily – be it personally identifiable information, financial data, or any other sensitive information which is not intended for prying eyes.

“Not only has data become a critical and a valuable asset for any organisation, but also the most vulnerable to those looking to capitalise at someone else’s expense: cybercriminals. As a business grows, so does its intangible value, which in turn, increases the potential impact of a successful cyberattack.”

As a result, KYND explained that governance of data and technology is a key element of effective cyber risk management. Regulations like GDPR have sizable breach fines that could damage an organisation’s bottom line if there are not sufficient data protection processes in place. For example, T-Mobile had to pay a $350m fine for an incident with an internet-exposed router with a security vulnerability that caused personal data to be stolen.

There is not just the financial impact a breach could cause. Data loss can cause reputational damage, which can even impact stock value and investment capital. KYND highlighted a data breach at Robinhood, which saw its stock fall by 3.8%.

To find out more about cyber risk in ESG, read the full report here.

Copyright © 2022 FinTech Global


Copyright © 2018 RegTech Analyst

