The importance of cybersecurity in ESG strategy 

With the natural advance of technology in companies, data is becoming an increasingly valuable intangible asset and its misuse can have major impacts. One example is the DarkSide ransomware attack that disrupted the operations of a North American pipeline company, in which a legacy VPN (Virtual Private Network) system without multi-factor authentication was the gateway to the attack.

The attack caused the interruption of fuel supplies for days, leading to an increase in gasoline prices, panic buying and fuel shortages in the southeastern United States. 

With this kind of impact, cybersecurity is no longer just the responsibility of IT, but a necessity for risk management. 

According to the World Economic Forum, cyber risks are considered the most immediate risks facing organizations today. According to the forum, those who do not implement good cybersecurity governance, using appropriate tools and metrics, will be less resilient and less sustainable. For this reason, digital security should be considered part of companies' ESG (Environmental, Social, and Corporate Governance) agenda.

ESG: Environmental, Social and Corporate Governance 

ESG is an approach that evaluates how much organizations work towards Environmental, Social and Corporate Governance objectives, rather than solely towards maximizing profits.

The assessment is based on the principle that a company can only be successful if it is sustainable. For this reason, evaluation has become extremely important for companies that want, in addition to making a profit, to have a positive impact on their reputation in the eyes of the market and investors.  

In addition to being a trend, adapting companies to ESG strategies has become a prerequisite for competitiveness. In 2020 alone, the ESG agenda represented US$38 trillion in investments and it is estimated that it should attract US$53 trillion by 2025.  

See the importance of cybersecurity in ESG 

Adopting ESG means committing to creating a better, more sustainable world. To do this, companies must implement a number of actions, including cyber protection. This involves:

Sustainability  

As technology systems, such as IoT (Internet of Things), grow in the manufacturing, mining, oil and gas, retail and utilities sectors, facilitating the automation of operational processes, the risks of a cyberattack and the attack surface increase, leading to a greater need to protect these systems.

A ransomware attack, for example, could affect the distribution of these inputs, or lead to their diversion or incorrect disposal through malicious intent, affecting society, the environment and the reputation of the companies involved: the three ESG areas.

Compliance with the LGPD 

In Brazil, the General Data Protection Act (LGPD), which came into force in December 2020, is closely linked to cyber security. In addition to knowing what data a company has, where it is and who is responsible for it, the law requires that information, especially personal information, be protected.  

Today there is a latent threat that everyone fears: the ransomware attack, which hijacks company data to demand a ransom.  

In order to prevent this, as soon as an attack or signs of information leakage are recorded, the company needs to notify the National Data Protection Authority (ANPD) and the market as a whole that it has been attacked by cybercriminals.  

Article 48 of the LGPD states that it is the controller's obligation to notify the ANPD and the data subject of the occurrence of a security incident in which there is a relevant risk or damage to data subjects. One of the roles of the ESG committee is to ensure that the laws are complied with.

Governance 

Cyber risks are directly linked to governance and need to be on the agenda of company boards, because, with the increasing use of technology in operations, the solidity of corporations is also linked to their cyber resilience.

When a company has clear guidelines on principles, greater transparency and corporate responsibility, including constant assessment of the risks of data loss for customers, employees and everyone involved in its processes, it also tends to be more resilient. This closes a cycle in which cybersecurity protects assets and governance, in turn, collaborates with well-structured methods and processes.

Protection against digital threats  

The damage caused by an attack can be inestimable, going beyond financial damage and involving the image and reputation of companies, as well as the people involved in the attack.  

To avoid such losses, companies must create a good incident response plan and a business continuity strategy, aligning the information technology sector with business and corporate governance, as well as investing in cybersecurity solutions. 
