By Anna Sarnek and Cristina Dolan

In recent months there have been an increasing number of cyber attacks on critical infrastructure, financial networks, healthcare, and other networked systems. Despite this prevalence, however, investor and board pressure on Environmental, Social, and Corporate Governance (ESG), tends to focus on environment and social justice, while cybersecurity is left to the regulators and the insurance industry to tackle.

Companies need to start looking at cybersecurity as part of ESG. Cyber risk is the most immediate and financially material sustainability risk that organizations face today. Those that fail to implement good governance on cybersecurity, using appropriate tools and metrics, will be less resilient and less sustainable. This in turn has an impact on the other organizations they rely on, and ultimately on the stability of companies, communities and governments.