Interconnected safeguards: ESG-cyber security synergy

In 2024, the ever-evolving digital landscape is accompanied by a dynamic shift in the threat landscape. The cyber security domain is poised for a substantial transformation, anticipating a surge in the complexity of cyber threats. In the contemporary digital economy, businesses are confronted with the challenge of harmonizing their environmental, social, and governance (ESG) objectives while ensuring robust cyber security and privacy measures. These concerns have prominently featured on global risk maps for several years. Although the environmental aspects of the ESG agenda have garnered considerable attention, other facets such as cyber security and privacy have not received that much emphasis. This is alarming, given the escalating frequency of cyber threats, impacting business operations, continuity, and reputations.

ESG policies are often perceived primarily as addressing climate change and the social responsibilities of a company. These policies establish ethical practices to protect not only the business itself but also its network of partners and customers, as well as the broader global environment. In this regard, ESG shares common ground with other risk management practices within a company, aiming to mitigate risks for stakeholders and communicate the strategies employed to achieve this. It is imperative for companies to recognize cyber security as an integral component of ESG. Cyber risk stands out as the most immediate and financially impactful sustainability risk that organizations confront today. Those neglecting to implement effective governance in cyber security, incorporating appropriate tools and metrics, will find themselves less resilient and sustainable. Such lapses not only affect the organizations directly but also have repercussions on the interconnected network of entities they rely on, ultimately influencing the stability of companies, communities, and governments.

In 2024, the global business landscape is witnessing a significant shift as enterprises increasingly embrace ESG criteria not merely for regulatory compliance or risk management, but as a pivotal opportunity to reshape their business models. This transformation is underpinned by a profound recognition of the imperative to account for an array of complex external risks that may arise simultaneously. As businesses globally align themselves with ESG principles, the importance of robust cyber security measures cannot be overstated. With the digital realm becoming integral to ESG implementations, ensuring the confidentiality, integrity, and availability of sensitive data is paramount. Cyber security acts as the linchpin safeguarding the integrity of ESG data, protecting against potential breaches that could compromise not only financial information but also critical ESG-related data.

Bangladesh, while relatively new to the ESG arena, stands at a crucial juncture to accelerate its growth by intertwining its ESG efforts with a robust focus on cyber security. As businesses in Bangladesh embark on this transformative journey, it is imperative to recognise that cyber threats are evolving in sophistication and magnitude. A proactive cyber security strategy will not only fortify the integrity of ESG disclosures but also enhance the overall resilience of businesses in the face of cyber challenges. By prioritizing cyber security in tandem with ESG implementations, Bangladesh can not only meet international standards but also foster a secure and sustainable business environment that will undoubtedly contribute to its long-term economic growth. Embracing these dual pillars of ESG and cyber security will position Bangladesh as a forward-looking player in the global business landscape, fostering trust and resilience in an era marked by unprecedented challenges and opportunities.

Traditionally, the integration of cyber security into ESG practices has not been a focal point. However, the landscape is evolving swiftly, catalyzed by high-profile data breaches, the rapid evolution of the digital economy, and the widespread adoption of remote work. Cyber security has become a crucial element of ESG practices, demanding attention from stakeholders such as investors, employees, customers, regulators, and supply chain partners. The paradigm shift requires a comprehensive integration of cyber security into ESG governance frameworks to effectively manage and mitigate the risks inherent in cyber threats.

In the context of Bangladesh, a nation emerging in the ESG arena, businesses should prioritize the incorporation of robust cyber security measures into their ESG strategies. This entails not only addressing current vulnerabilities but also future-proofing against evolving cyber threats. By doing so, businesses in Bangladesh can instill confidence among stakeholders, align with international ESG standards, and fortify their resilience in an increasingly digitized and interconnected world.

ESG ratings have become indispensable in attracting global investors, particularly European institutional investors who mandate ESG compliance for investment decisions. In the past year, seven Bangladeshi companies earned coveted spots in Bloomberg's sustainability list, joining over 16,000 global corporations. Their inclusion in this prestigious list reflects their commendable performance in environmental, social, and governance domains. As these companies navigate the evolving landscape of ESG expectations, ensuring their overall progress involves not only sustaining their current achievements but also fortifying resilience against emerging challenges. Cyber threats, in particular, loom large in the digital era, necessitating a strategic focus on cyber security. To maintain and enhance their ESG standing, these Bangladeshi firms must proactively address cyber risks, safeguarding not only their data integrity but also reinforcing the holistic sustainability commitments that have garnered them international recognition.

The increasing prevalence of cyber risks poses a genuine threat to the essential systems underpinning global environmental initiatives. An attack on these systems could reverberate throughout the broader global infrastructure, prompting businesses to prioritize cyber security as a paramount concern when addressing environmental factors. Companies must carefully assess how a breach in these systems not only impacts their own operations but also holds the potential to disrupt worldwide infrastructure. Despite this imperative, the integration of cyber security into the ESG framework often remains an overlooked facet for many businesses. As cyber security transforms from an industry-specific challenge into a pervasive global social issue, it becomes integral to all pillars of ESG, mandating its inclusion as a fundamental component of comprehensive business strategy.

Taking a broader societal viewpoint, insufficiencies in cyberspace safeguards can result in significant macro-economic harm with far-reaching national strategic consequences. Beyond financial repercussions, these inadequacies encompass issues such as industrial espionage, the dampening of incentives for innovation and investment, and the infringement of data privacy. Moreover, the threats extend to critical functions that serve as the backbone of economic and national security, public health, and the safety and freedom of citizens. What is increasingly evident to investors is that the perils emanating from cyber security vulnerabilities transcend the immediate companies affected and permeate the entire societal framework supporting the economy and market valuations. Recognizing the interconnected nature of these risks is essential for investors to make informed decisions, as the ramifications extend beyond individual businesses to impact the broader fabric of our economic and social landscape.

ESG integration involves factoring in significant non-financial elements in investment analysis to enhance risk-adjusted returns while simultaneously addressing key socioeconomic and environmental issues. Illustratively, the dynamics surrounding carbon emissions and climate change exemplify how heightened awareness and market valuation of ESG risks can bring about tangible real-world effects. A prominent shift is evident in the mainstream adoption of incorporating greenhouse gas (GHG) emissions disclosures into investment processes by investors. Extending this principle to encompass cyber security, businesses now recognize the imperative to integrate robust cyber security measures into their ESG strategies. Just as with environmental factors, acknowledging and mitigating cyber risks not only safeguards the business but also aligns with broader societal interests, making it an integral facet of a comprehensive and forward-thinking investment approach.

ESG and cyber security are interconnected facets, representing two sides of the same coin. The seamless integration of Environmental, Social, and Governance (ESG) principles is complemented by robust cyber security measures, forming a holistic approach to sustainable and secure business practices. By acknowledging the symbiotic relationship between ESG and cyber security, organisations can not only fortify their risk management strategies but also contribute to a more sustainable and secure global business landscape.

Mohammad Ashraful Islam Khan, previously Head of Supply Chain Advisory Services at KPMG Bangladesh, is a management consultant with expertise in operational optimization and supply chain management.

[email protected]