Understanding data security as an ESG issue
ESG, the acronym for "environment, social and corporate governance," is a concept that has been around for some time but has undoubtedly grown in relevance over the past few years.
More and more, investment funds have steered their portfolios and contributions towards companies that follow ESG standards. Sustainable finance bonds, for example, surged 76 percent year-on-year to reach $552bn and an all-time first-half record, according to Refinitiv.
The "E" in ESG has undoubtedly dominated the financial headlines and caught the attention of investors and companies looking to reach their climate goals. But the coronavirus pandemic and the recent high-profile cases of cyber-attacks are shifting attention to other issues. The social responsibility to protect company data and that of customers has become imperative.
Digitization and pandemic
With the Covid-19 pandemic, people brought their work into the home and bought more products, many of them smart, with access to the internet and valuable personal data. As a result, company notebooks started to connect through low-security home internet, Zoom meetings were invaded, and online criminals took advantage of the vulnerability of a population adopting new technologies faster than usual and with less care than it should.
The outcome? The number of cyber-attacks has exploded. Ransomware, a type of attack that "hijacks" data or systems and demands a ransom for their release, grew 64% between August 2020 and July 2021, according to a report by the company Barracuda. There are countless cases, and most go unnoticed by the general public since companies have little interest in making their fragility known.
Most go unnoticed, but not all. Some attacks have become so famous that they have increased executives', consumers', and investors' interest in and concern about this type of ESG risk. The ransomware attack on Colonial Pipeline in May this year, for example, impacted the production of the pipeline system in the southeastern United States and caused panic among gasoline consumers, and the company had to pay $4.4 million for hackers to release the system.
No wonder, then, that data protection and digital security have become some of the biggest ESG concerns today. In this context, companies cannot afford to be vulnerable, not only because of the cost that attacks can generate (the expected damage resulting from cybercrime is $6 trillion in 2021) but also because of the opportunity lost with every investor who does their due diligence and walks away from unprotected companies.
How to protect yourself, then?
Amazingly, most of the time, criminals don't use super-advanced technologies and complex codes to hack a computer: they simply log in with your account and password. How? Among the most common methods are phishing and the reuse of passwords that were leaked in other attacks. In other words, the most significant vulnerability remains the human being.
Therefore, it is essential that people know the main access methods out there and that companies introduce basic security measures. For starters, multi-factor authentication is a tool that even the most common social networks already offer their users. Other tools and good practices include frequent password changes to avoid reuse, good antivirus software, and data encryption.
Ransomware and other types of cyberattacks are already a reality. Market giants, governments, and private citizens can all be targets of these attacks, which keep multiplying. To reduce your risks, there are basic measures that need to be taken, and safe tools to be implemented in your systems.