“Embed ESG into your business model” – sounds great, but what does it actually mean for security?
Saying that ESG (Environmental, Social, and Governance) factors can indirectly improve some aspects of your security risk management may sound like a bold statement, but the two are more intertwined than one would initially think. From that perspective, here are a few things to consider:
Climate change and natural/ecological disasters can sometimes have a direct and rather dramatic effect on living conditions, resource availability and overall safety. Besides the direct impact they have on human lives, environmental catastrophes might also lead to food and medicine shortages or civil unrest further down the road. Running initiatives aimed at the preservation and restoration of the natural environment can raise the security level in a specific area. Improving on the “E” can help mitigate risks such as flooding.
Social is about the impact your organisation has on society – income inequality, lack of diversity, poor living conditions and discrimination are the most drastic examples of a company falling short on the social front. Being aware of the company’s activities and how they impact society at large is a good start in figuring out what could pose a threat to your organisation on the social front. Moreover, the better the societal conditions and the safer the surrounding area, the less likely you are to have to deal with insider threats and risks such as burglary, public unrest, demonstrations and even terrorist attacks.
Be aware of the governance – what rules and procedures are set within the company and outside of it? Are they contributing to maintaining high security standards? For example, is the internal governance supporting information/data security? Companies that are lacking on this front are prone to mismanagement. Make sure that your organisational code, values and systems support your security efforts (e.g. by establishing a whistleblower process and defining an anti-corruption policy) and are communicated in a transparent and accessible way. When the governance is in order, it might be easier to mitigate threats such as corruption, non-compliance or privacy breaches.