A recent Kaspersky report revealed that over a third (38%) of industrial organizations do not have a dedicated role responsible for environmental, health and safety matters, such as a Chief Sustainability Officer or an Environment Director. There are also no dedicated ESG (Environmental, Social, and Governance) frameworks or standards in place in 36% of organizations. These expert roles and measures are necessary to help mitigate the sustainability risks created by cyberattacks.
Sustainability and ESG should be a top priority for industrial organizations. The United Nations General Assembly set out 17 Sustainable Development Goals (SDG) in 2015, with SDG 9 covering industry, innovations and infrastructure. The goal calls for resilient infrastructure to promote inclusive and sustainable industrialization and to foster innovation.
Within industrial organizations, a dedicated sustainability role and ESG standards are important in preventing or minimizing related risks, such as those caused by cybersecurity incidents. One-in-ten businesses face cyber-incidents resulting in the injury or death of employees (13%), environmental damage (13%) or impacts on national security (13%).
To manage these risks, 61% of industrial companies are extending cyber-protection measures to the parts of their infrastructure where disruption can cause harm to their employees or damage to the environment. More than half (59%) of organizations surveyed have already included environmental concerns in their risk assessment programs and 56% of companies have a Chief Sustainability Officer validate all dedicated cybersecurity projects.
“Today, on Earth Day, it is the right time to stress that protection from cyberthreats is not only essential for business continuity but also for sustainable development, environmental protection, the health of organizations and people as a whole. ESG and sustainable development managers and programs should include a cybersecurity aspect to their agendas to minimize the risk of a cyberattack’s impact on employees, the ecosystem and society. Strong protection measures and dedicated solutions need to cover the most critical parts of the OT/ICS environment and IT/OT security teams should develop mitigation measures for any attack outcomes,” comments Anton Shipulin, Industrial Cybersecurity Lead.
The full report, “Kaspersky ICS Security Survey 2022: The seven keys to improving OT security outcomes” is available to download here.