Cybersecurity Awareness Month: 2023 Trends

October 18, 2023
By iQ Staff

In honor of Cybersecurity Awareness Month, we compiled our insights on trending risk management topics relating to ESG and reporting.

 

Cybersecurity is not only applicable to the governance aspects of ESG, but it also has social and environmental impact. A data breach, for example, has obvious implications for individuals. In the same vein, an attack on critical infrastructure could mean a temporary disruption or it could result in catastrophic outages that impact people’s ability to live safely in their homes.

The risk that cybersecurity threats pose to business assets is on par with, if not greater than, the risk to people, property and sustainability posed by potentially catastrophic weather events that are triggered by climate change.

Global conflict, an economic downturn and the rise of AI will contribute to the expected continuous rise of sophisticated phishing schemes, ransomware attacks and malware. Vulnerabilities continue to increase.

Incorporating cybersecurity risk assessment into ESG reporting is now essential to providing a full picture of any company’s value and plans for safeguarding that value. Below are some insights to help put this into context.

 


 

Cybersecurity Is More Than I.T.

Cybersecurity will be increasingly viewed as a risk management function, not a technical/IT function. This applies to companies across a spectrum of industries, even those industries where customer data is not a factor, such as manufacturing. For manufacturers, risks include supply chain disruptions, threats to inventory management or order processing systems, and attacks on highly technical equipment, all of which can completely sideline production capacity and cause a company’s stock to plummet. All companies must be vigilant, proactively report and accept that cybersecurity management is a C-suite level priority.

 

Don’t Just “Set It and Forget It”

Companies need to have a complete picture of vulnerabilities and avoid a “checklist” mentality. AI may provide advantages to cybersecurity management, but it will also present new opportunities for bad actors to exploit the vulnerabilities that are not top priority or not addressed by cybersecurity management tools. All the cybersecurity management software in the world cannot prevent an improperly trained employee from inadvertently sharing a password with a bad actor. Less monitored systems and processes are more likely to fall prey to attacks. Therefore, proof of a holistic cybersecurity approach is crucial when asserting an entity’s sustained value.

 

Focus on Regulatory Oversight

In September, SEC rules requiring cybersecurity management disclosures for public companies went into effect. Companies are required to share their processes for assessing and managing risk, including details of board oversight of the risk. Investors will increasingly expect boards to be proactive and savvy in the face of cyber risk. According to Deloitte, “64.8% of public company executives say their organizations will strengthen their cybersecurity programs,” in reaction to the SEC rules. The Deloitte poll also notes that companies will aggressively push third parties such as vendors or partners to step up cybersecurity efforts. The findings also stress the importance of transparent communications among partnering entities in order to make accurate assessments and best manage overall risk.

 
