Cyber risk has evolved into one of the major risks for the global economy and order. According to the World Economic Forum Global Risks Report 2024, cyber insecurity is now among the top global risks. The report characterizes cybersecurity as a “blind spot” for companies and governments. Cyber-attacks are becoming more aggressive and widespread, and cybersecurity breaches now cost companies more than ever.
- Governance within the ESG framework involves a structured approach to managing cyber risk, utilizing the “Three Lines of Defence” model. The first line includes operational functions like IT and OT, with managers handling cyber risks and policy compliance. The second line, generally the Cybersecurity function, oversees and advises on the first line’s controls, sets policies, and reports to senior management. The third line, Independent Assurance, comprising internal and external auditors, assesses the effectiveness of the first two lines. This model ensures clear roles and centralized governance, with senior management regularly reviewing cyber risk and security performance, tailored to industry-specific trends and incidents.
- Ensuring regulatory compliance is crucial for effective ESG risk management, particularly as cybersecurity becomes a focal point globally. In India, SEBI’s Business Responsibility and Sustainability Report (BRSR), effective from FY22-23, requires listed companies to disclose their performance against the ‘National Guidelines on Responsible Business Conduct’ (NGRBC). This includes essential and leadership indicators, with Principle 9 specifically requiring a robust cybersecurity framework. Adherence to these standards and to data protection laws such as the DPDP Act not only reduces legal risk but also strengthens an organization’s reputation for responsible governance.
- Data integrity lies at the core of any ESG framework. Nowadays, organizations rely on vast amounts of data to drive their operations and processes, making the protection of this data paramount. Robust cybersecurity practices ensure that sensitive information remains secure from breaches, unauthorized access, and cyber threats. Organizations must maintain the accuracy and reliability of the information they use and report, upholding transparency and trust with stakeholders. Cybersecurity measures, such as encryption and multi-factor authentication, protect this critical data from being tampered with, ensuring the company’s operations and compliance remain intact and accurate.
- Supporting sustainable and ethical business operations is a fundamental pillar of ESG. Cybersecurity plays a vital role in supporting these principles by ensuring that business operations are resilient and secure. A breach or cyber-attack can disrupt operations, leading to financial losses, operational downtime, and reputational harm. Such incidents can also have a cascading effect on the organization’s ESG performance.
Moreover, ethical business practices extend to how organizations handle and protect customer data. Cybersecurity practices that prioritize data privacy and security reflect a commitment to ethical behaviour. This fosters trust among customers, investors, and other stakeholders, enhancing the organization’s social license to operate.
Therefore, incorporating robust cybersecurity practices into ESG risk management frameworks is no longer optional; it is imperative. By protecting data integrity, ensuring regulatory compliance, and supporting sustainable and ethical business operations, cybersecurity serves as a cornerstone of effective ESG strategies.