Integrated Cybersecurity and ESG: Essential for Business Resilience


The digital transformation and cutting-edge technologies focusing on decarbonization, carbon dioxide reduction, and a circular economy can introduce new cyber threats and patterns of abuse. An integrated approach to cybersecurity and ESG (Environmental, Social, and Governance) can protect companies while fostering actions that uphold the interests of customers and business partners. Sustainable tech solutions that ensure safety not only mitigate cyber attack risks but also decrease adverse impacts on the environment, society, and corporate governance.

In today’s world, companies face mounting pressure to show transparency and commitment in areas of both cybersecurity and ESG. This is evident in regulatory bodies demanding swift, comprehensive reporting of incidents and checks on an organization’s cybersecurity maturity. Addressing cybersecurity risks within the ESG framework enables firms to safeguard their operations, clientele, and reputation, while concurrently fulfilling environmental and social obligations. Companies investing in sustainable tech solutions minimize environmental impact and the potential for cyberattacks.

Businesses require robust defenses to shield their intellectual property from external threats. Cyberattacks on the digital systems used in industry can lead to the breakdown of critical infrastructure, such as power plants or water treatment facilities, posing environmental hazards. Digital transformation and the smart technologies associated with decarbonization, CO2 reduction, and a circular economy might also give rise to new cyber threats and exploitation patterns. “The challenge lies in devising a system that strikes a balance between the demands of the digital world and the attainment of essential environmental objectives,” remarks Michał Kurek, Partner and Head of Cybersecurity at KPMG in Poland and Central-Eastern Europe.

Large-scale cyberattacks can also affect the social issues intrinsically linked to ESG. With digital apps and systems now widespread, from personal devices and social media to advanced automated platforms, organizations need data protection measures and incident response plans to minimize a cyberattack’s impact on crucial services and to prevent identity theft. AI-based tools can expedite data gathering, but this raises concerns about the ethical use of data by algorithms. New regulations, such as the EU AI Act, aim to ensure that artificial intelligence is employed appropriately and in line with ethical standards.

The Sustainability Accounting Standards Board (SASB) offers industry-specific standards for sustainable development reporting. These are financially material and aim to increase transparency and comparability in corporate reporting, assisting investors in making informed investment choices. Cybersecurity risk, falling under the technology and communication domain, is among the sustainable development factors covered by SASB. Another widely used reporting standard is the Global Reporting Initiative (GRI). “This standard outlines how companies should disclose their cybersecurity and data privacy management,” says Iwona Galbierz-Sztrauch, Partner, Head of Advisory Services for the Financial Sector, and ESG Lead at KPMG in Poland.

Given the constant flux, it is essential to maintain regulations that help companies ensure safety and minimize potential risks. Notable examples of such initiatives include the General Data Protection Regulation (GDPR), Operational Resilience Regulation (DORA), the revised Network and Information Systems Directive (NIS2), the Sustainable Finance Disclosure Regulation (SFDR), and the Corporate Sustainability Reporting Directive (CSRD).

Organizations should establish robust governance structures overseeing data privacy and cybersecurity while ensuring compliance with legal requirements, including those from the ESG domain. Recognizing the potential benefits of integrating these two areas can result in heightened productivity and a favorable company reputation and image.