When you think about sustainability, cyber resilience is unlikely to be the first thing that springs to mind.
Yet for many businesses, it is already fairly high up the list of ESG materiality factors. If digital defences are compromised, a company can be prevented not only from providing goods and services, but also from providing the infrastructure on which its long-term change initiatives rely.
The threats are real. And with a conflict continuing in the Middle East, and persistent headlines generated by apparent Russian action at sea and in the air, this week has seen media focus on cyber security increase markedly.
Firstly, the government’s National Cyber Security Centre issued an appeal for business leaders to prepare for more severe cyber attacks in the near future. It cited the rising risk of extended operational downtime – with direct customer impact, significant financial loss, long-term reputational damage, and increasing problems for public safety and national security – as a concern.
As well as potential acts of cyber warfare by foreign states, news reports such as this piece in The Times outlined threats from the use of AI platforms, like Anthropic’s Mythos, by organised crime gangs.
The Achilles heel
Resilience against cyber attacks is an ESG driver in the majority of materiality and value frameworks, typically sitting under governance. As this piece on a technology news site points out, maintaining effective cyber security has gained prominence across the sustainability spectrum. Smart grids and renewable energy systems rely on it, personal data needs to be safeguarded, and it supports improved oversight and risk management, so cyber security directly drives corporate transparency and accountability.
In other words, it’s often the Achilles heel of both businesses and the sustainable action they take.
In many markets, hardened cyber security is also set to become mandatory, with the European Union’s Cyber Resilience Act leading the way in compelling companies to take protective measures across all connected infrastructure. This applies not just to desktop computers, cloud services and mobile devices, but also to the sensors, nodes and system management software that are increasingly prevalent across physical assets and value chains.
The UK is tightening legislation too. The new Cyber Security and Resilience Bill, which is due, is set to compel companies providing essential services to the public sector to ensure adequate protection is in place.
For years, cyber security has been the ESG factor that few companies have wanted to talk publicly about, for fear of making themselves a bigger target. As AI continues its expansive march, and as Government measures aimed at reducing risk to the UK force resilience further into the spotlight, that may not remain the case for long.
Written by
Steve Earl, experienced communications advisor.