As expectations for transparent environmental, social, and governance (ESG) reporting continue to increase across all sectors, stakeholders expect to see better management of carbon emissions, diversity, human rights, corruption, and bribery. We’re now witnessing cyber security rapidly rising to the top of the ESG material topic list for both Boards and Government leaders.
In fact, in a recent survey, cyber security was ranked by 67% of respondents as their top concern1 and is becoming one of the most financially material ESG risks that an organisation may face.
Cyber-attacks and data breaches, similar to those experienced by Optus and Medibank, are increasing in frequency and severity. As the volume of attacks and breaches rises, the financial impact is heightened. A cyber-crime is reported to the Australian Cyber Security Centre every seven minutes, with an average loss of $88,407 for medium-sized businesses2.
But cyber-crimes inflict more than financial loss – they cause reputational damage, loss of data, and significant business disruption. In fact, for many small organisations, a cyber security incident could be terminal once the trust of its customers is lost.
ReGen Strategic (ReGen) is an ESG Advisory whose purpose is to enable projects and services that have a positive social and environmental impact. ReGen has identified cyber security as such a critical issue that it has entered into a strategic partnership with Centium, based on our strong record of helping organisations identify and manage their cyber security risks. We believe that this partnership represents great opportunities for ReGen clients through access to Centium’s experience and expertise.
Cyber security should not be mistaken as a new term for IT or digital, it is about identifying and managing the risks to the confidentiality, integrity, and availability of your data, information, and systems. These are business risks that require proactive governance from the business and should form an integral part of ESG strategy.
Cyber security risks are considered throughout ReGen’s sustainability and ESG services, and are included as an integral part of their ESG maturity assessments, materiality assessments, strategies and reporting.
Many organisations are now disclosing cybersecurity as a material risk in their sustainability reports and annual reports, providing detailed narratives on their mitigation techniques. This also means adjusting their financial investment forecasts and budget accordingly.
ReGen’s ESG maturity assessment plays a key role in enabling organisations to align operations with international frameworks and standards, enhance stakeholder trust and confidence, mitigate risks (including cyber security), and unlock opportunities for long-term value creation.
Organisations demonstrating more advanced ESG maturity in the realm of cyber security point to formalised governance and defined roles such as data owner, data steward and data custodian (often the IT department). The data owner is aware of both the risks and threats that exist and the controls in place to reduce these to an acceptable level (risk appetite).
In the near future, we expect insurance premiums to be determined by the levels of maturity a business has in place to manage its cyber security risks. For those with little in place, higher premiums will be sure to follow. Models such as the Factor Analysis in Information Risk (FAIR) deliver both qualitative and quantitative analysis of risks and provide an excellent basis for engaging business executives in the meaningful evaluation of the risks and effectiveness of controls.
We believe that Cyber Security is such an integral component of ESG that we are running a special three-part series to explore this critical topic. In upcoming parts of this series, we will explore the key first steps in being more secure, applicable benchmarks and standards, where to start, and where to access free resources. We will close the series with an examination of the supply chain and how to be a trusted supplier to win and maintain business.
*Expert guidance is provided from Scott Thomson, Centium and Colin Davies, ReGen Strategic.
If you would like to explore how Centium can help your organisation be digital and cyber resilient, whilst driving sustainable growth, please reach out to Scott Thomson, Director of Cyber & IT at scott.thomson@centium.com.au.
Our Clients
