Companies are investing money in cybersecurity and sustainability initiatives. While the latter may look like a technical investment and the former like an environmental, social and governance (ESG) commitment, there are opportunities at the intersection of the two.
Both cybersecurity and sustainability have a significant impact on businesses. And for either initiative to succeed, leaders must instill company-wide commitment into their culture. Applying a cybersecurity perspective to sustainability and vice versa can help strengthen businesses, but how can management teams take advantage of these opportunities?
Sustainability and the Cybersecurity Triad
The confluence of cybersecurity and sustainability is not necessarily the same for every business. “I think it’s one of those things where it really depends on who the customer is, who the company is and how they look at the world,” Anuj A. Shah, chief executive of Stax Consultinga business consulting services company, reports InformationWeek.
But the CIA triad (confidentiality, integrity, and availability) gives all businesses a starting point for thinking about their operations and sustainability. Without all three sides of this triangle, businesses cannot maintain operations.
“Without these controls, the confidentiality of systems (and) data, the integrity of data or systems and… then, crucially, the availability of those systems and data and the infrastructure that supports… the “Operations just wouldn’t be there,” says Conor Hogan, global practice director, data governance, digital trust, advisory services at BSI Groupa business improvement solutions company.
Additionally, sustainability managers must have access to a company’s protected data. “Sustainability practitioners really need to understand and use data well to do their jobs effectively. They want their impact to expand. They need to understand how to use, manage, obtain and interpret data,” adds Ryan Lynch, Sustainability Practice Director at BSI Group. Questions of access and responsible use fall squarely within the realm of cybersecurity.
Strong cybersecurity protocols can create a foundation for sustainability initiatives. Imagine a company decides to adopt a new technology to improve its sustainability. While this technology can generate energy savings, it also increases a company’s attack surface.
“If you think about things like renewable energy, smart grids and all the modern technologies that are more efficient…than they have been before, how do you actually manage that and continue to make sure that it resists cyber threats? Hogan asked. The answer, of course, lies in the company’s cybersecurity strategy.
Cybersecurity and ESG
Sustainability has its own triad: ESG. What is a company’s impact on the environment and society, and how does it track and share this information?
The environment – the “E” in ESG – is probably the first area that comes to mind when thinking about sustainability. How can cybersecurity have a positive impact on the environment? Cybersecurity is essential to protecting and managing data, which businesses continue to accumulate and exploit in multiple ways.
“It’s sitting somewhere and… that means it’s drawing electricity from a grid,” Hogan says. “So the more data we create, the greater that impact on the world. »
Where does a company store its data? “Moving from on-premises computing to the cloud (is) a great way to save energy,” Bala Krishnapillai, vice president and head of the Americas IT group at Hitachi, an IT consulting and services company, points out. Making this transition is not possible without considering cybersecurity. Businesses are responsible for protecting their data in the cloud.
How much data does a business need? Backups are an essential part of cyber resilience, but retaining all the data a company collects indefinitely is not a sustainable practice.
“Implement appropriate data retention schedules and actually implement them. So only keep the data you need, literally plan to erase or overwrite data in terms of backups… to minimize the physical ecological footprint,” recommends Hogan.
Today, society and the digital world are inextricably linked. People trust their personal data to a multitude of organizations out of necessity. The essential infrastructure that supports daily life relies on technology. These personal data and critical infrastructures are vulnerable to cyber threats. Businesses have a responsibility to individuals and society as a whole to recognize these threats and reduce the risks.
Prasanna Govindankutty, head of cybersecurity for the Americas at a professional services company KPMG, today offers cities an example of how cybersecurity and the “S” in ESG connect. “Many of them are upgrading to become smart cities, and smart cities rely on digital infrastructure. And compromising this digital infrastructure will have a large-scale impact on the societies that depend on it,” he says.
Finally, companies are responsible for governance. How does a business operate and how transparent are these operations? Regulatory, reporting and standards frameworks exist around cybersecurity and ESG. “When we approach cybersecurity, they provide us with the governance, risk management and data privacy framework,” says Krishnapillai.
Sustainability and cybersecurity work together to drive responsible corporate governance. “Sustainability and trust are the two sides of corporate governance. Next…cybersecurity and data privacy could be seen as key enablers. I think that’s how organizations should look at things,” elaborates Govindanutty.
Everyone on the bridge
Cybersecurity and sustainability are separate functions in many companies, but they could greatly benefit from breaking down silos. Sustainability and cybersecurity initiatives require awareness and resources from leadership to permeate a company’s culture and truly achieve their goals.
“It’s no longer a one-man show. It’s really about ownership of that responsibility and management that intersects with the functional direction of the entire organization,” says Lynch.
In more mature organizations, cybersecurity is already involved at the board level, which can allow for better seeing and acting on its intersection with sustainability. But for many organizations, cybersecurity and sustainability are separate, even back-office, functions. “The cybersecurity leader should not wait for someone to come (and) invite them to these conversations,” says Govindanutty.
The stakeholders who need to be involved in cybersecurity and sustainability extend beyond the four walls of a company. Third-party providers are an essential part of a company’s ecosystem.
“When we work with clients to report on their Scope 3 Emissions or to try to reduce greenhouse gas emissions, we must work transversally. We need to work throughout their value chain with their suppliers and even downstream stakeholders,” shares Lynch.
Transparency into a company’s supply chain not only helps companies from an ESG perspective, but also gives business leaders visibility into their cybersecurity vulnerabilities. What are suppliers doing to be more sustainable and how are they implementing security controls to protect their customers?
“Secure IoT devices and supply chains can help you improve the transparency and traceability of that supply chain, but also align with sustainability goals and mitigate cybersecurity risks,” says Hogan .
A secure and sustainable future
The confluence of cybersecurity and sustainability may not yet be fully understood, but businesses will increasingly report on both areas. “What we’re seeing is increased regulation around sustainability data disclosure and ESG data,” says Shah. “It’s going to be very interesting to see… how cybersecurity, sustainability, ESG (and) more standardized data, more disclosures… come together over the next couple of years.”
As this data floods into the market, artificial intelligence will be used to understand it. And AI systems are only as good as the data they are fed. Once again, cybersecurity will come into play and the use of AI should be supported by data integrity and privacy programs.
While AI undoubtedly opens the door to greater cybersecurity capabilities and navigating the growing complexity of sustainability, this also has an environmental cost. “The explosion of various AI services, new capabilities, leads to more computing power and higher energy consumption,” says Krishnapillai.
Business leaders will likely need to balance the environmental costs and benefits of AI.
To find this balance and understand the impact of all sustainability and cybersecurity initiatives, leaders must track their company’s efforts. “You have to have a plan around it, an execution plan. You must follow him. You have to have a budget. You have to have coordination within the organization,” says Shah.
Business cybersecurity and sustainability leaders can identify areas of common interest and drive investment in these areas. Like any other strategic investment, the return can be tracked.
“(Market) boldly some of the security and safety measures that (you) put in place, so that you have the ability to measure customer interaction with your organization, third party interaction with your organization and see if they increase or decrease and make the link with the investments you have put in place”, Govindanutty recommends.
It may take time for business leaders to figure out the potential integrations between cybersecurity and sustainability, but they exist. “Sustainability by design and security by design, privacy by design… taking this proactive ‘by design’ approach (integrates) the different ways of thinking within the organization,” Hogan says.
