Investment in environmental, social and governance (ESG) is set to grow to $50 trillion by 2025,Kaspersky research has said.
It said with ESG forming a key component of financial reporting in South Africa, and with many businesses in the region on the journey to adapt to international reporting requirements and standards, organisations across the continent are looking for ways to strengthen their portfolios in this regard.
Protection against cyber threats is necessary not only for business continuity, but also for the preservation of the environment and human health,it said .
The report ESG programmes should therefore include aspects of cyber security in order to minimise the risk of the impact of a cyberattack on employees, the ecosystem and society as a whole.
“This is particularly relevant to critical infrastructure, where organisations tend to experience significantly more severe outcomes from operational technology security issues than others,” says Bethwel Opil, Enterprise Client Lead at Kaspersky in Africa.
Kaspersky researchfound that over the course of 2021, there was a 45% increase in the incidence of spyware on computers used for industrial control system purposes when compared to the previous year. A cyberattack on a safety-critical power station or oil and gas installation, for example, has the capacity to have knock-on impacts that touch all components of ESG.
Besides, Kaspersky has found that approximately a third (30%) of companies globally experience significant operational technology security issues. They see four times as many incidents and suffer financial costs that are twice as large. These companies are also more likely to see these cyber risks manifest in terms of physical risk, such as injury or death (5 times more likely) and environmental damage (2.5 times more likely).
“Cybersecurity takes on a new level of importance for local organisations. It is not only about being protected against attacks that can threaten business continuity and damage corporate reputation, and from a business governance point of view, but there is a very real threat against human life and the environment – especially when industrial control system hardware that controls critical infrastructure is attacked,” says Maria Losyukova, Head of Sustainability at Kaspersky.
“As a part of an organisation’s ESG, it will be the cybersecurity team leader’s responsibility to document current practices and to address issues of concern with solid and quantifiable security solutions. The days of enterprises simply declaring ‘We have cybersecurity insurance’ are over.”
Each year it becomes more challenging to secure and protect infrastructure and data assets at an enterprise level. Staff in security operations centres can get overwhelmed with alerts coming from different cybersecurity components. XDR (extended detection and response) products have emerged as a class of automated information security solutions designed to proactively detect threats at various infrastructure levels, respond to them, and counter complex threats.
