Why Cyber Security is part of an ESG Strategy

The importance of ESG within companies is growing. But any ESG strategy which does not include an element of cyber security management is making a glaring omission.  

The cost of cyber crime, both financial and societal, is increasing at an alarming rate. Studies suggest that the global cost is increasing 15% year on year. In 2015, the global cost of cyber crime was $3 trillion. In 2025, it is forecast to be $10.5 trillion.   

For society, the costs of cyber crime are harder to measure but equally disturbing. From harrowing tales of lost savings to untold suffering within industries funded by crime. Businesses which take a stance against cyber criminals are, directly and indirectly, having a positive impact upon their customers' lives. 


Environmental benefits of cyber security 

With the proliferation of connected technologies in critical infrastructure and environmental monitoring systems comes in increased impact of cyber security on environmental outcomes.  

Some implications are direct. In 2021, a bad actor took control of a water treatment plant in Florida, changing the sodium hydroxide levels in the water from 100 parts per million to 11,100. Fortunately, the change was noticed before the environmental impact was realised. Had it not been picked up so quickly, the altered water would likely have devastated most living things it came into contact with. Including humans.  

From a less direct perspective, the profits generated by cyber criminals also cause environmental harm. Thanks to its anonymous nature (and popularity among money launderers), the proceeds of cyber crime are often stored in cryptocurrencies. In 2019, the mining of Bitcoin used more energy than the entire nation of Switzerland.  

When they take a proactive approach to cyber security, companies not only reduce the first-order environmental impact of attacks against them. They also reduce the second and third-order impact of future attacks funded by the revenues generated.   


Social benefits of cyber security  

There is a widely-held romantic image of a hacker. A lone-ranger. A rebel in their bedroom wearing an oversized t-shirt and a rebellious smirk.  

The reality is far more sinister.  

Modern cyber crime is an industry; often state-funded. Its profits do not fund pizzas for teenage tearaways. They fund weapons for rogue states, the trade of harmful drugs and other highly problematic industries. 

By taking an active and effective stand against cyber crime, businesses are starving the perpetrators of revenue to fund other illicit activities. 

Of course, businesses do not control their entire attack surface directly. Whilst internal systems, policies and training can reduce the likelihood of a successful attack on a business directly, these things have limited effect through the supply chain.  

Just as companies have a responsibility to ensure ethical employment and sourcing practices among their suppliers, the same applies with their suppliers' cyber security practices. Ongoing monitoring and enforcement of high security standards using tools such as Darkbeam's Horizon platform allows companies to enforce their internal standards through their supply network. 


Governance benefits of cyber security 

The financial cost of a successful cyber attack against a business can be significant. The average cost of a data breach rose to $4.35m in 2022. 60% of small businesses close within 6 months of suffering a successful attack.  

As with any other business risk, its management relies on successful strategic governance. By stating an agreed and realistic appetite for cyber risk, businesses can put in place structures to measure and – where necessary – reduce the risks they face.   

UK Government advice on the topic states that companies should: 

  • clearly link security activities to your organisation’s goals and priorities 
  • identify the individuals, at all levels, who are responsible for making security decisions and empower them to do so 
  • ensure accountability for decisions 
  • ensure that feedback is provided to decision-makers on the impact of their choices 
  • Any approach to security governance should fit into an organisation’s wider approach to governance. Security needs to be considered alongside other business priorities, such as health and safety, or financial governance

For support with any of the above, businesses should approach Darkbeam for a complimentary consultation on their risk tolerance, aims and approach. For information regarding Darkbeam's range of offerings and capabilities, contact us. 


Subscribe Here!