ESG in the age of cybersecurity


July 14, 2021

Firms throughout the developed world have formalised their commitment to global corporate social responsibility through the way they manage their environmental impact (E), their commitment to social justice (S), and their sound corporate governance policies (G). These three factors, known as ESG, are foundational to how a firm’s social responsibility and long-term sustainability are assessed.

A corporation’s commitment to ESG is seen as a leading indicator of its long-term sustainable growth and is now expected by socially and environmentally conscious investors, boards of directors and the changing regulatory environment. Opimas estimates that the value of companies complying with these standards is growing rapidly and passed $40 trillion in 2020, which translates into demand approaching $1 billion annually for the information needed to monitor, measure and comply.

ESG data and metrics enable firms and their observers to quantify both the intangible and tangible outcomes and shine a light on key corporate behaviours. The behaviour of an enterprise is balanced between the principles it applies to its business practices and the people within the organisation who implement those principles.

As part of a firm’s commitment to its ESG responsibilities, digital risk metrics are an important component in the assessment of corporate behaviour. This is because digital risk metrics, at their core, measure the behaviours of an enterprise towards this risk, which in turn are correlated with its exposure to an adverse event. The driver of digital risk metrics is ultimately the underlying corporate approach to security, privacy and regulation (GDPR). Just as corporate conduct is reflected in other ESG metrics, corporate behaviours towards digital risk will determine how resilient an organisation is to future adverse digital events.

The similarities between digital risk metrics and other ESG metrics are striking in that they all measure corporate conduct towards developing and sustaining a better and more responsible global society. Just as generating lower carbon is a global benefit, and just as an enterprise's positive, inclusive approach to social responsibility will favourably impact those well beyond its immediate spheres of influence, so too are digital and data security and privacy. An enterprise’s digital policy has an extensive impact that can ripple through a society, given the globally connected economy within which we work and live. A sensitive and constructive approach to digital security has positive impacts similar to those of environmentally or socially responsible practices. An organisation that adopts and implements positive digital risk practices will enhance its ecosystem across all of its third-party relationships globally. Equally, a poor approach to digital security practices will directly impact the digital risk exposure of its suppliers, customers, employees and investors.

The inherent similarity between digital risk and ESG makes the former an important addition to the set of ESG metrics investors, directors and regulators should use to evaluate responsible corporate behaviour.  

Charles Clark