How Leaders Leverage Cybersecurity Lessons for Their Corporate Sustainability

Executive teams and Boards often look at Sustainability as an entirely new discipline, one in which they don't have the required skills to understand, evaluate or implement effective strategies.

This often leads to the decision to not make a decision, delaying required commercial projects in the hope or belief of a better time presenting itself in the next quarter/financial year/decade.

Interestingly, such leadership teams can take confidence by leaning on their recent experiences navigating the same transformative stages via their Cybersecurity strategies.

What Does Phishing Have To Do With Water Management?

When we think about corporate sustainability, images of solar panels, recycling programs, possibly someone holding a small plant in their hand, or even floating carbon footprint calculations come to mind. Cybersecurity, on the other hand, evokes thoughts of firewalls, data breaches, and hackers in dark rooms (often, inexplicably, wearing a hoodie).

However, these seemingly disparate realms share a surprising number of similarities: both are critical pillars for long-term business resilience at the governance, strategic, risk management and operational levels of organisations; both can be seen as 'unimportant extra work' by employees if not tied to the overarching corporate strategy; both can either strengthen or weaken the commercial position of a company; and both are increasingly exposed to integrations along a company's value chain of suppliers and customers.

In fact, the Microsoft/CrowdStrike global IT outage is the most recent illustration of how quickly ripple effects can spread through supply chains, creating immediate impacts on businesses worldwide. The pandemic and the Evergreen container ship's blockage of the Suez Canal are other notable illustrations. The commonality the three share is the immediate and long-lasting impact to businesses seemingly unconnected to the source of the problem.

The physical and transition risks related to the successful decarbonisation of organisations are no different in their scale, requiring executive leadership to build internal resilience to external environmental threats.

Risk Management Sits At The Core

Cybersecurity is inherently risk-focused. Organisations proactively identify vulnerabilities in their systems, supplier networks, and data, before enacting measures to protect against potential threats. Optus, MediSecure, and Ticketmaster offer recent examples of the resulting financial, reputational, and regulatory damages we have seen play out time and again.

Corporate Sustainability is also about managing an organisation's short-, medium-, and long-term risk exposure. Companies assess their environmental, social, and governance (ESG) physical risks, from climate change impacts to supply chain disruptions through to social practices, and implement strategies to ensure the organisation's positioning for ongoing and future success. They are also assessing their exposure to transition risks, such as commercial pressures from customers and investors, impacts of new technologies, and the new mandatory climate reporting requirements being enacted by the Federal Government, the Australian Sustainability Reporting Standards (ASRS).

The Critical Need to Build a Culture of Awareness

Just as a well-protected organisation has strong employee-ownership practices at the user level, successful sustainability initiatives rely on employee engagement and an organisation-wide understanding of the importance of responsible practices. This cultural shift encourages all staff to contribute to a more sustainable future by embedding it within their role, rather than simply something they have to do at the end of each day on top of their existing responsibilities.

Data as a Driving Force

Data is the lifeblood of cybersecurity. Analysing network traffic, user behaviour, and threat intelligence helps identify potential threats and enables organisations to respond swiftly by having a clear risk matrix and strategy in place to minimise these threats.

As organisations' Sustainability strategies evolve, data collection and analysis are just as essential for tracking progress towards sustainability goals. Companies measure their emissions, resource consumption, and social impact data to understand how to make the informed decisions key to strengthening the company’s current and future competitiveness.

Long-Term Investment for Long-Term Gains

Investing in renewable energy, eco-friendly technologies, and ethical sourcing may seem costly upfront, but these investments are already providing notable ROI for first-movers. Companies are realising reduced operating expenses, enhanced brand reputation, and increased customer loyalty by evaluating how Sustainability can be a value-add to their business, rather than a compliance mechanism. They are already benefiting from a competitive advantage in tenders due to their competitors' failure to implement robust carbon accounting and waste management strategies.

Cybersecurity is also not a one-time fix but an ongoing investment. Building robust systems, training employees through engaging approaches to ensure company-wide stewardship, and staying ahead of evolving threats require continuous effort, resulting in protecting the company from the costly breaches and reputational damage of ineffective practices.

An Holistic Approach

Just as organisations consider the interconnectedness of their Sustainability actions by recognising that environmental, social, and economic factors are intertwined, Cybersecurity is not just about technology. It is a recognised holistic strategy about people, processes, and policies, addressing all aspects of security to create a comprehensive defence strategy that will ensure the continued success of the organisation.

The Learning Curve is Too Steep for Some Leaders

With the Cybersecurity and Sustainability landscapes moving at such a fast pace concurrently, Executive teams and their Boards are having to commit to upskilling their knowledge in disciplines often foreign to their commercial experience.

There are many embracing this reality as an opportunity, yet for those who are unable (or unwilling) to keep pace, material risks are emerging for their companies and key stakeholders. As we are now regularly observing in both disciplines, sitting back and hoping your company gets through unscathed is not an option for those committed to fulfilling their fiduciary duties.

Where To Next

Corporate Sustainability and Cybersecurity are two sides of the same resilience coin. They are not separate concerns nor mindsets, but rather complementary strategies being utilised to strengthen an organisation's ability to thrive in an increasingly complex and interconnected world.

By recognising these disciplines' shared principles and adopting an holistic approach, businesses can build a future that is both sustainable and secure for their organisation, employees, and customers.