Note: this blog was originally published by Secureworld here: https://www.secureworld.io/industry-news/cybersecurity-prevalent-esg-issue
While the focus on Environmental, Social, and Governance (ESG) issues has gained traction in recent years, both within boardrooms and investment spaces, the focus on carbon credits and workforce diversity has diverted attention from the existential crisis that companies face from cybersecurity. Just as carbon is the byproduct of the third industrial revolution, cybersecurity is the byproduct of the fourth industrial revolution that we continue to live through.
Despite cybersecurity's immediate implications for individuals, the topic gets dismissed as a governance issue and tucked away without any discussion of its repercussions for society at large. According to AON and the Ponemon Institute, 83% of S&P companies value intangibles. Of the companies surveyed in the research, the average total value of their IP assets, such as trademarks, patents, copyrights, trade secrets, and know-how, was $578 million in 2020.
A data breach leading to IP theft is not just a revenue problem for an organization; it is a theft of intellectual capital that is a national asset, and the lost revenue is a component of GDP that is lost. A data breach leading to PII or PHI theft is not just a loss-of-trust and revenue problem for the organization; it has an immediate impact on individual citizens and the cyber threats they face. A ransom attack on core social services, such as utilities and healthcare, intimately impacts society through lost individual income and the inability to receive urgent care.
Fortunately, unlike carbon impacts, the core impact of cybersecurity hygiene can no longer be disputed. The recent analysis by SecurityScorecard and Cyentia Institute found that 53% of the 1,623,118 organizations assessed have at least one open vulnerability exposed to the internet, and 22% of those organizations amass over 1,000 vulnerabilities each. On average, it takes organizations a year to remedy half of these vulnerabilities, creating a great opportunity for cybercriminals to exploit.
In the hyper-connected, globalized world that we live in today, what is more important is creating accountability across all suppliers, vendors, partners, and even the customers that touch the organization. The benefit of the connected world, however, is that the supply chain is digitally connected, creating an opportunity to build a chain of cyber accountability. Understanding your external security posture, as well as your third- and fourth-party security posture, helps outline and fix obvious vulnerabilities that cybercriminals can exploit.
As Cristina Dolan writes in Transparency in ESG and the Circular Economy, data is needed across the entire ESG spectrum, providing the necessary specificity for informed decision-making, and ensuring transparency and accountability, which upholds sustainability. Luckily for cybersecurity, there is no shortage of real-time data that can be used for effective and impactful decision-making.