For organizations across all industries, cyber security has become an increasingly important board issue with growing public debate and scrutiny. And its connection to the environmental, social and governance (ESG) agenda is unlocking new opportunities that should be explored.
It’s easy to focus on your own cyber security but cyberspace is complex, interdependent and integrated, and being a good cyber citizen truly matters — if the community you are a part of is vulnerable, so are you. There’s growing expectations around social responsibility in cyberspace, which include measures that protect sensitive information, help avoid exploitation, reduce terrorism and focus on the safety of others.
This is more than just a technology issue. It has created a broader community perspective that’s more than just about protecting an organization and its own information assets. And securing your work network while implementing good cyber hygiene are critical steps that must be considered for the common good.
The social impact of cyber security
In this digital age, cyber security and the protection of consumers and organizations is critical to a healthy, safe society — and demands a broader view of corporate social responsibility.
Data breaches can have a huge impact and organizations have a growing responsibility to protect consumer privacy and sensitive data. Customers want to know that their information protection and individual privacy rights are top of mind and that they can have confidence that their personal data won’t be shared, breached or exploited.
Organizations must begin to prioritize the security and privacy of their customer database if they want to attract and keep their clients. If they only consider cyber security incidents as a commercial risk to their organization (i.e., simply “the cost of doing business” to pay a potential ransom), then they ignore the broader implications on their customers, suppliers and the community as a whole.
The impact of cybercrime is increasing and we’re becoming a hyper-connected society as our dependency on the digital world grows. Cyber security plays an essential role in protecting our infrastructure, keeping our increasingly smart cities operating, and enabling everyday life to continue to function. And from a geopolitical perspective, the social dimension of cybercrime is becoming more evident when cyberattacks are used as a tactic in times of conflict.
There’s growing pressure for businesses to be transparent on their corporate commitment activities in cyber security and privacy. Privacy legislation is being rolled out worldwide, to complement some of the more well-established General Data Protection Regulation that exists in Europe. Cyber security is now on the agenda for many regulators with growing demands for timely and comprehensive incident notification and disclosure of cyber security control maturity. And not just from regulators, we see clients, shareholders and investors being increasingly demanding.
By placing an emphasis on security as a social imperative, business can play a significant role in making our digital ecosystem a safer place — as well as building trust with their stakeholders.
A call to action — community response
The power of community action is undeniable. The strongest organizations are the ones open to collaborating with peers — sharing information and good practices. Organized crime groups don’t just attack a single target; they target whole sectors, organizations and their supply chains. When organizations work together with their suppliers, customers and regulators, they can improve the overall standard of cyber security across an ecosystem and even entire industries. No organization is an island in cyberspace; we’re all interconnected and interdependent.
There is also a corporate social responsibility dimension to cyber security that considers how organizations can play a role in protecting the community and vulnerable citizens against cyber bullying, scams and exploitation. Each year, KPMG organizes a Global Cyber Day, and last year member firms reached more than 100,000 students across 590 schools in 60 countries and territories.
A few concrete steps to help drive this idea forward:
- Share with your peers: Play your part in sharing insights and intelligence on cyber threats and good security practices with your peers. Be prepared to lead and be the first to share; it’s too easy to find obstacles to collaboration. Trust benefits everyone when dealing with cyber threats and attacks.
- Focus on ecosystem security: Work to help support key suppliers and the broader ecosystem. This isn’t just about contracts and obligations, it’s also about what you can do to help suppliers build their cyber security capabilities. This involves education, offering advice and support as well as supporting community initiatives, which can help defend the ecosystem.
- Have your customers’ interest at heart: Ask yourself whether there’s more you can do to protect your customers against cyber fraud, identity theft and other forms of exploitation. Can you help them understand the threats and guard their data and transactions, and can you demonstrate experience working with law enforcement and peers to counter cybercrime?
- Invest in the next generation: Business should be heavily involved in helping build up cyber capacity, training and equipping the next generation with the cyber skills needed to be a responsible member of the digital society — today and tomorrow. This brings many benefits — not just reputational — and helps build skills for the future.
- Play your part in digital society: Be a good cyber citizen, play your part in the debates on the future and ethics of our digital society. And ask yourself whether your actions contribute to the societal good.
We are still in the early stages of realizing the importance of community and multi-stakeholder approaches to tackling cybercrime, but I believe that over the long term, every organization has the potential to benefit from raising the bar by being a good cyber citizen and putting cyber security at the heart of their ESG strategies.