Weekly Dose of ESG — Cyber World

Paula Singliarova
Published in Weekly Dose of ESG, Mar 19, 2022

Cyber World

Saturday, 19th March 2022

Source: Secureworld

What is going on?

The Covid pandemic accelerated our dependence on the digital realm, as companies moved their operations online — you probably had a Zoom call or two in the past year… This shift was like Christmas for the cyber underground: cybercrime surged, taking advantage of unprepared businesses and consumers.

One of the most serious hacks last year was the cyber-attack on Colonial Pipeline, the largest fuel pipeline in the US, which led to energy shortages in some parts of the country. Hackers managed to compromise the infrastructure by obtaining a single password, and the pipeline had to pause its operations for the first time in its 57-year history. Fast forward to 2022, we live in the era of hybrid warfare — a combination of combat on the ground and in cyber space, via attacks ranging from critical infrastructure to disinformation campaigns on social media. Having said that, many are surprised that Russia has not launched any major cyber-attacks on Ukraine… yet. Nevertheless, western businesses are on alert for pro-Russian hackers, and the White House even issued an executive order requiring US companies involved in critical infrastructure to report on cyber hacks.

What does it have to do with ESG?

You are probably familiar with the concept of cyber security in a less prestigious context — downloading anti-virus, installing the latest software update, or your IT colleagues resetting your password (thank you!).

But the World Economic Forum states that “cyber risk is the most immediate and financially material sustainability risk that organizations face today.” This is hardly surprising, since intangible assets such as intellectual property, code, data and R&D are amongst companies’ key assets. Within ESG criteria, cyber sits between “S” (data, customer satisfaction, reputational risk or product safety) and “G” (management of risks or critical incidents); overall, standard business practices. As such, building cyber resilience and protecting a company’s intangible assets is just building business resilience. For example, the average cost of a data breach is $4.2mn and the annual cost of cybercrime is projected at around $6 trillion. So it is no coincidence that the cost of cyber insurance (as a form of risk mitigation) is skyrocketing, with a 130% price increase in the US and a 92% increase in the UK in the fourth quarter of 2021 alone!

What is the takeaway?

Cyber security has often been viewed as a pure technology issue rather than a business issue; however, cyber-attacks can pose existential threats to companies. Investors need to be aware of their exposure to cyber-incidents via their investee firms and the impacts on their portfolios. A company’s approach to cyber governance can be a proxy for the strength of its cyber resilience, enabling investors to assess whether a company has a robust organisation-wide approach to cyber security. Monitoring the cyber resilience of individual businesses should therefore be in every investor’s interest.

Stay safe, update your passwords, and see you next week!

Paula & Philipp
