Understanding the Importance of ESG in the Cyber Security Industry

An uptake in high-profile data breaches and the exponential rise in digitization have redefined the dynamics in the cybersecurity industry. Stakeholders have become cagey towards data management practices and cybersecurity vulnerabilities. Lately, companies have started reporting on environmental, social and governance (ESG) performance, largely spurred by public opinion, regulatory requirements and soaring demand from stakeholders. ESG-focused businesses and organizational practices are expected to gain ground to maintain and achieve cyber resilience. With sectors such as fintech companies, oil and gas, financial services, public utilities and retail under immense pressure from the board of directors, investors and other stakeholders to be more transparent, industry players are expected to bank on sustainability.

Incorporating factors beyond financial into assessments of company performance have become paramount amidst a surge in cyberattacks. For instance, in November 2022, Microsoft reportedly blamed a Russian GRU hacking group for cyberattacks on transportation and other logistics industries in Poland and Ukraine. Moreover, surging cybercrime costs, such as lost productivity, destruction and damage of data, intellectual property theft, post-attack disruption, fraud, embezzlement and stolen money, have compelled stakeholders to rethink their strategies. Cybersecurity Ventures states global cybercrime costs could touch USD 10.5 trillion annually by 2025. World Economic Forum’s Global Risks Perception Survey 2021-2022 listed environmental risks as the five most critical long-term threats.

Notably, stakeholders are likely to foster ESG reporting practices to bolster transparency as cyber resilience has become a force to reckon with to augment sustainable earnings. Potential stakeholders envisage a sustainability portfolio as the top agenda amidst issues, including climate change and anti-corruption. Industry players are slated to keep ESG goals at the forefront for an expedition of inclusion, fairness and equitable access to opportunities and ensuring a regenerative and sustainable future.

Key Companies in this theme

    • Cisco Systems, Inc.

    • Palo Alto Networks

    • McAfee, Inc

    • Broadcom,

    • Trend Micro Inc

Is your business one of participants of the global cyber security industry? Contact us for focused consultation around ESG Investing, and help you build sustainable business practices.

Cisco Emphasizes Environmental Stewardship to Tap into the Growth Potentials

Cybersecurity firms have reinforced their position in the global landscape with an increased focus on the ESG pillars. Notably, environmental stewardship has come to the fore to steer the protection and responsible use of the natural environment sustainably. For instance, Cisco is guided by its corporate Environmental Policy and ISO 14001 Environmental Management System (EMS). The company had 30 sites with ISO 14001 certification in the fiscal year 2021. In April 2021, Cisco announced it would be infusing USD 100 million to address the climate crisis and help reverse the climate change impact over ten years.

Furthermore, in the fiscal year 2022, it rolled out the Environmental Sustainability Specialization (ESS) to help channel partners promote product takeback, educate customers, boost their sustainability practices and move to circular business models. During the same period, the company came up with Cisco Green Pay to assist customers in building an environmentally friendly technology strategy to attain ESG goals. It has also furthered its investments in state-of-the-art technology to help users leverage grid decarbonization, monitor grid reliability, water and transportation systems and bolster the workplace. The U.S.-based company remained instrumental in leveraging employees to work from home with AnyConnect VPN, WebEx by Cisco and TelePresence.

Social Performance Gains Ground with McAfee Propelling ESG Profile

With cybercrime-as-a-service becoming pervasive, cybersecurity has become an invaluable part of the ESG for companies, regulators, investors and consumers. The high number of incidents has propelled the need for optimized security operations and a strong social pillar. For instance, Fortinet is gearing to train 1 million people in cybersecurity by 2026. It cashed in on advanced technologies, such as machine learning (ML), artificial intelligence (AI) and deep learning to propel the design and growth of cybersecurity solutions and services.

In addition, pay parity has garnered headlines amidst growing women’s participation in the corporate world and surging role in the global economy. To illustrate, in April 2022, McAfee celebrated three years of maintaining pay parity and claimed to be the first cybersecurity company to attain the policy. Besides, the representation of women was pegged at around 30.9% in 2021, up from 27.6% in the preceding year. The company has also upped its focus on diversity as 16.3% of new hires in the U.S. were underrepresented professionals (Black, American Indian, Hispanic / Latinx, multiracial and Pacific Islande) in 2021.

Companies have fueled their efforts to set audacious goals to communicate the company’s development transparently, boost women’s participation and design long-term sustainable programs that address social impact. To illustrate, around 31% of external hires for VP and above positions in Palo Alto Networks identify themselves as women. Besides, 78% of leadership teams have diverse representation and the company aims for 100% diversity by 2025. The company also bolstered safety in a hybrid work environment. In July 2022, Palo Alto Networks underpinned its Global Security and Safety team by hiring a Senior Global Environmental Health & Safety Manager. It has also underscored its position in the human rights field with “industry best practices” to analyze risks for cases of human rights violations in the supply chain.

Broadcom Fosters Governance Portfolio

Well-established companies are gearing to propel their ESG performance with a bullish approach toward governance policies. Stakeholders, stockholders and employees are expected to focus on the corporate governance framework for accountability and transparency. Prominently, in February 2021, Broadcom adopted the name Nominating, Environmental, Social and Governance Committee (NESG Committee), doing away with the term “Nominating and Corporate Governance Committee.” The company found in its 2021 Employee Ethical Culture Survey that 96.1% of employees were acquainted with the efforts of the compliance and ethics function.

It also expedited compliance training as it noted that more than 99% of its employees completed the course in 2021. During this period, it rolled out the Global Compliance Ambassador program to solidify compliance culture. In essence, the U.S.-based company listed corporate governance, cybersecurity and data privacy, ethics and integrity and product quality in its 2021 ESG priorities.

Key players are leaving to stone unturned to underscore social responsibilities and provide avenues of growth to stakeholders. In doing so, the Board of Directors at Fortinet established the Social Responsibility Committee to introduce the highest level of governance in CSR issues. The company uses corporate governance practices to ensure compliance with all laws and do business ethically. Besides, there has been a surge in independent directors across industry verticals as companies vie to enhance their sustainability portfolio. To illustrate, around 75% of board directors are independent at Palo Alto Networks, while approximately 50% of BoD are diverse with different race, gender, nationality or ethnicity. In the fiscal year 2022, the company established a Security Committee of the Board to boost oversight about security issues, such as cybersecurity.

The competitive landscape alludes to an increased focus on cybersecurity leaders emphasizing innovations and technological advancements. Forward-looking companies and governments are poised to foster their ESG practices to keep abreast with the trend. In October 2022, the Cybersecurity & Infrastructure Security Agency (CISA) joined forces with the National Institute of Standards and Technology and the interagency community to release cross-sector Cybersecurity Performance Goals (CPGs). Meanwhile, in 2021, Fortinet has a dedicated Human Rights Policy to propel ethical business and responsible product use.

Need expert consultation around identifying, analyzing and creating a plan to mitigate ESG risks related to your business? Share your concerns and queries, we can help!

 

Read More ESG Blogs

About Author