How Cybersecurity and Sustainability Intersect – InformationWeek

Cybersecurity and sustainability might have more in common than enterprise leaders think.
June 6, 2024
Enterprises are pouring dollars into cybersecurity and sustainability initiatives. While the latter might seem like a technical investment and the former a commitment to environmental, social, and governance (ESG), there is opportunity in the intersection of the two.  
Both cybersecurity and sustainability have a material impact on businesses. And for either initiative to succeed, leaders must instill an enterprise-wide commitment into their culture. Applying a cybersecurity lens to sustainability and vice versa can help strengthen enterprises, but how can leadership teams take advantage of these opportunities? 
The confluence of cybersecurity and sustainability isn’t necessarily the same for every enterprise. “I think [it] is one of those things where it really sort of depends on who the client is, who the company is, and how they are looking at the world,” Anuj A. Shah, managing director at Stax Consulting, a business consulting services company, tells InformationWeek. 
But the CIA triad (confidentiality, integrity, and availability) gives all enterprises a starting point to think about their operations and sustainability. Without the three sides of this triangle, businesses cannot sustain operations.  
Related:Sustaining Future Workers and Consumers Moves Up in ESG Efforts
“Without those controls, then the confidentiality of systems [and] of data, the integrity of the data or the systems and … then critically the availability of those systems and the data and the infrastructure that supports … operations just wouldn't be there,” explains Conor Hogan, global practice director, data governance, digital trust, consulting services at BSI Group, a business improvement solutions company.  
Additionally, sustainability leaders need access to an enterprise’s safeguarded data. “Sustainability practitioners need to get really good at understanding and using data to do the job effectively. They want their impact to scale. They need to understand how to use, manage, get, interpret data,” Ryan Lynch, head of corporate social responsibility at BSI Group, adds. Questions of access and responsible use fall squarely into the realm of cybersecurity.  
Strong cybersecurity protocols can create a foundation for sustainability initiatives. Imagine an enterprise decides to adopt a new technology to improve its sustainability. While that technology could drive energy savings, it also adds to an enterprise’s attack surface.  
“If you think about things like renewable energy, smart grids and all of the modern technology that is more efficient … than it has been before, how [do] you actually run that and continue to make sure that it sustains itself against cyberthreats?” asks Hogan. The answer, of course, lies in an enterprise’s cybersecurity strategy.  
Related:AI, Data Centers, and Energy Use: The Path to Sustainability
Sustainability has its own triad: ESG. How does an enterprise impact the environment and society, and how it is tracking and sharing that information?  
The environment — the “E” of ESG — is likely the first area that comes to mind when thinking about sustainability. How can cybersecurity have a positive impact on the environment? Cybersecurity is vital to protecting and managing data, which enterprises continue to amass and leverage in myriad ways.  
“It sits somewhere and … that means that it is drawing electricity from a grid,” says Hogan. “So, the more data we create the bigger the materiality of that impact to the world.” 
Where does an enterprise store its data? “Moving IT from on-prem to the cloud [is] a great way to drive energy savings,” Bala Krishnapillai, vice president and head of the IT group, Americas at Hitachi, an IT consulting and services firm, points out. Making that transition is not possible without considering cybersecurity. Enterprises are responsible for protecting their data in the cloud.   
Related:The Tug-of-War for Cyber Resilience to Guard Water Utilities
How much data does an enterprise need? Backups are an essential part of cyber resilience, but keeping all data that an enterprise collects indefinitely is not a sustainable practice.  
“Implement appropriate data retention schedules and actually put them into effect. So only retain data that you need, have appropriate schedules of data literally being wiped or getting overwritten in terms of backups … to minimize physical green footprint,” Hogan recommends.  
Today, society and the digital world are inextricably linked. People entrust their personal data to a multitude of organizations out of necessity. The critical infrastructure that sustains daily life relies on technology. That personal data and critical infrastructure are vulnerable to cyberthreats. Enterprises have a responsibility to individuals and society as a whole to recognize those threats and reduce risk.  
Prasanna Govindankutty, Americas cybersecurity leader at professional services firm KPMG, offers cities today as an example of how cybersecurity and the “S” of ESG connect. “A lot of them are actually modernizing to be smart cities, and smart cities rely on digital infrastructure. And compromising that digital infrastructure will have an at-scale impact on the societies that depend on it,” he says.  
Finally, enterprises are responsible for governance. How is an enterprise operating, and how transparent are those operations? Regulations, reporting, and standards frameworks exist around both cybersecurity and ESG. “When we bring cybersecurity to that table, they provide us the governance, the risk management, the data privacy framework,” says Krishnapillai.  
Sustainability and cybersecurity work alongside one another to drive responsible corporate governance. “Sustainability and trust are two sides of corporate governance. Then …cybersecurity and data privacy could be viewed as key enablers. I think that is the way organizations should look at it,” Govindankutty expands.  
Cybersecurity and sustainability are discrete functions in many enterprises, yet they could benefit greatly from being de-siloed. Sustainability and cybersecurity initiatives need C-suite awareness and resources to permeate an enterprise’s culture and actually achieve their goals.  
“It's not a one-person show anymore. It's really an ownership in that responsibility and a stewardship that cuts across functional leadership across … the entire organization,” says Lynch. 
In more mature organizations, cybersecurity already has board-level involvement, which can make it easier to see and act on its intersection with sustainability. But for many organizations, cybersecurity and sustainability are separate and even back-office functions. “The cybersecurity leader should not wait for someone to come [and] invite them into these conversations,” says Govindankutty.  
The stakeholders who need to be involved in cybersecurity and sustainability extend beyond an enterprise’s four walls. Third-party vendors are a vital part of an enterprise’s ecosystem.  
“When we're doing work with clients to account [for] their Scope 3 emissions or to try to reduce the greenhouse gas emissions, we have to work across function. We have to work across their value chain with their suppliers and even the downstream stakeholders,” Lynch shares.  
Transparency into an enterprise’s supply chain not only helps enterprises from an ESG perspective, it also gives enterprise leaders visibility into their cybersecurity vulnerabilities. What are vendors doing to be more sustainable, and how are they implementing security controls to protect their customers? 
“Secure IoT devices and supply chains can help you enhance transparency and traceability in that supply chain but also then align with the sustainably goals and mitigate cybersecurity risks,” says Hogan.  
The confluence of cybersecurity and sustainability may not yet be fully understood, but companies will be increasingly reporting on both areas. “What we're seeing is greater regulation around disclosures of sustainability and ESG data,” says Shah. “It's going to be quite interesting to see … how cybersecurity, sustainability, ESG, [and] more standardized data, more disclosures … come together within the next couple of years.”  
As that data pours into the market, artificial intelligence will be put to work understanding it. And AI systems are only as good as the data fed to them. Once again cybersecurity will come into play, and AI use should be supported by data integrity and privacy programs.  
While AI undoubtedly opens the door for greater cybersecurity capabilities and for navigating the growing complexity of sustainability, it also comes with an environmental cost. “The explosion of various AI services, new capabilities, it drives more computer power, higher energy consumption,” says Krishnapillai.  
Enterprise leaders will likely need to find a balance between the environmental costs and benefits of AI.  
Finding that balance and understanding the impact of all sustainability and cybersecurity initiatives requires leaders to track their enterprises’ efforts. “You need to have a plan around it, an execution plan. You need to track it. You need to have budget. You need to have coordination across the organization,” says Shah.  
Enterprise leaders in cybersecurity and sustainability can identify areas of common interest and drive investment in them. Like any other strategic investment, the return can be tracked.  
“Boldly [market] some of the security and safety measures that [you] put in place, so you have the ability to measure customer interaction with your organization, third-party interaction with your organization and see if it is going up or down and map it back to those investments that you put in place,” Govindankutty recommends.  
It may take time for enterprise leaders to find the potential integrations between cybersecurity and sustainability, but they are there. “Sustainability by design and secure by design, privacy by design … adopting that ‘by design’ proactive approach [embeds] the different way of thinking in the organization,” says Hogan.
Carrie Pallardy
Contributing Reporter
Carrie Pallardy is a freelance writer and editor living in Chicago. She writes and edits in a variety of industries including cybersecurity, healthcare, and personal finance.
You May Also Like
Tales of a Modern Data Breach: The Rise of Mobile Attacks
The CIOs Guide to Enhancing GRC in 2024
Enhance Cloud Security with Cloud-Native Security
2024 InformationWeek US IT Salary Report
*The Need for Modern Observation in Complex Cloud Environments
Enterprises’ Biggest Obstacles to Maintaining Cyber Resiliency
Using Security Automation to Solve Workforce Shortages, Alert Fatigue, and More
2022 State of Network Management
Jun 4, 2024
Jun 3, 2024
Jun 6, 2024
Jun 6, 2024
Tales of a Modern Data Breach: The Rise of Mobile Attacks
The CIOs Guide to Enhancing GRC in 2024
Enhance Cloud Security with Cloud-Native Security
The Benefits of Unifying Digital Experiences
Horizons of Identity Security 2023-24
Attacker Economics Infographic
Productivity Solution
Convera, a Customer Success Story
[Virtual Event] Cyber Resilience in 2024: Availability is Your Best Ability
2024 InformationWeek US IT Salary Report
*The Need for Modern Observation in Complex Cloud Environments
Enterprises’ Biggest Obstacles to Maintaining Cyber Resiliency
Using Security Automation to Solve Workforce Shortages, Alert Fatigue, and More
2022 State of Network Management
Copyright © 2024. All rights reserved. Informa Tech, a trading division of Informa PLC.