Critical National Infrastructure: How secure is your country?


Cyber Security, is it a core part of your ESG?

Beautiful shot of wind turbines under the cloudy sky in the Eiffel region, Germany
Business / Risk Management

Cyber Security, is it a core part of your ESG?

With the costs of a data breach rising by 10% between 2020-2021, the global average cost to a business now sits at a huge  £3.93 million. With these figures focussing board attention and the news of data breaches hitting the media every day, it’s no surprise that companies are looking at how they can ensure their strategies are robust enough to protect them against a cyber disaster.

However, for many companies, the one piece that is often missing from the puzzle is how cyber security fits into Environmental, Social and Governance (ESG). As cyber security shifts from an industry issue to a global business issue, it falls under all pillars of ESG and therefore must be a core part of your strategy. So why have just 31% of UK organisations completed a cyber risk assessment in the last 12 months?

Let’s take a look at why cyber security is a core part of ESG.


As technology has become the interconnecting link within our global infrastructure, the risks posed by these cyber-connected systems becomes even higher. Attacks are now far from just an IT issue and instead affect all industries and departments alike.

The recent COVID pandemic accelerated many traditional industries and utility providers in their digital transformation journeys, occasionally without the planning or expertise to ensure they are safe (connecting water treatment plants and brewing companies Operational systems directly to the internet, by example).

Cyber risks are now a real concern for many systems that operate some of the core environmentally impacting operations across the world, as an attack on these systems could have a significant impact on the wider global infrastructure. With this in mind, all businesses need to put cyber security at the top of their priority list when focusing on environmental factors and evaluate how a breach of these systems may not only affect their business, but also the worldwide infrastructure and thus the environment.


The impacts of a cyber attack on society and the individuals in your business are huge. Thinking about how you keep the data of your employees secure can reduce the chances of identity theft, the risks to vulnerable demographics as well as any exploitation of certain groups. As Social is a core workstream of any ESG strategy, it is a business’s responsibility to focus on diversity and inclusion, but it’s also a core responsibility to look after the data of those employees.

This is even more critical if your business is in an industry that holds data of individuals outside of your organisation. For example, local government, healthcare or social services organisations are at high risk. The impact of a cyber attack can have detrimental effects on the wider societal infrastructure, and diminish trust in the organisation’s values, brand and the people who lead it.


Businesses that fail to implement good governance around cyber security, using appropriate systems, tools and measures will be considerably less trustworthy and resilient to cyber attacks. It is that simple.

Putting a focus on cyber security when looking at wider governance, will ensure businesses are robust and adaptable when it comes to dealing with a cyber attack or data breach. With one small business being hacked every 19 seconds in the UK, there isn’t time to put this to the bottom of the priority list.

Are you looking for a way to demonstrate your commitment to ESG principles and improve your business’s sustainability performance? Get in touch and speak to one of our experts to find out more about C2 Risk’s ESG solution.