KPMG: Cybersecurity in ESG, 2023 research report (English, 14 pages)
Cybersecurity in ESG

It's time to view ESG and cybersecurity through the same lens.

KPMG International

Contents
Introduction 3
Environmental considerations 4
Social considerations 6
Governance considerations 9
Conclusion: Creating new links between ESG and security 12
How KPMG professionals can help 13

Introduction

In today's digital economy, businesses face challenges in simultaneously meeting their environmental, social, and governance (ESG) targets and ensuring robust cybersecurity and privacy measures. Concerns relating to these areas have been at the forefront of global risk maps for several years.[1] According to the KPMG 2022 CEO Outlook survey,[2] ESG and cybersecurity are crucial for corporate success. While environmental aspects of the ESG agenda have received significant attention, other elements such as cybersecurity and privacy have not been as well developed. This is concerning, as cyber threats are soaring in frequency, impacting business operations, continuity and reputations.

This paper aims to explore the connection between ESG and cybersecurity. It will discuss the expected benefits of managing these issues together and how an integrated approach can help safeguard an organization's health, business future, and the interests of its customers, clients, and business partners.

Cybersecurity in ESG | 3
© 2023 Copyright owned by one or more of the KPMG International entities. KPMG International entities provide no services to clients. All rights reserved.

Environmental considerations

Critical infrastructure faces significant new risks

When it comes to ESG, environmental factors are a key consideration. However, ESG's link to cybersecurity, although less obvious, is becoming increasingly important. According to the 2022 KPMG survey, 64 percent of companies acknowledge climate change as a risk to their business.[3]

KPMG professionals are starting to see cyberattacks that endanger the environment by targeting critical infrastructure such as power plants and water-processing facilities. Additionally, these attacks on industrial control systems can cause equipment malfunctions, environmental damage and hazards. Organizations need strong cybersecurity to protect their critical infrastructure against threats to their sophisticated and interconnected operational technology. As these incidents become more common, we anticipate greater regulatory focus.

Connect security to decarbonization, CO2 reduction and the circular economy

Most plans for decarbonization and CO2 reduction rely on digital transformation and the application of smart technologies and automated systems that monitor and manage energy production, distribution and consumption. However, these solutions can create new opportunities for cybercrime and demand a high level of cybersecurity and data protection. Similarly, introducing new technology solutions to support the circular economy, when those systems involve significant financial transactions to incentivize green behaviors, can raise concerns over new fraud patterns. Embedding cyber into these programs can help anticipate the cyber threat and ensure safe and secure operations. At the same time, adhering to data protection principles such as data minimization can reduce the risk of data breaches and ensure regulatory compliance.

The digital economy has led to a surge in data processing, resulting in the construction of data centers worldwide. Criminals have found opportunities to exploit weaknesses in the security of data centers and cloud services to steal computing resources, including cryptocurrency mining at scale. Unfortunately, the use of these systems has a negative impact on energy consumption and the carbon footprint; for example, implementing the required or best-practice cyber controls, like having a secondary data center for improved resilience, can lead to higher use of resources and energy. Organizations today need to consider both the pros and cons of cyber resilience, striking a balance between cybersecurity and ESG targets.

Social considerations

Impacts on society's digital landscape

Social considerations are also a critical aspect of ESG, and cyber risk can significantly impact society, particularly as global cyberattacks become more frequent and impactful. Digital applications and systems are now integrated into every aspect of our lives, from the personal devices we rely on and the social media we interact through to the sophisticated automated platforms and systems that support digital workplaces and lifestyles. The 2022 KPMG survey found that 49 percent of companies acknowledge social elements as a risk to their business.[4]

Data protection is critical

This integration can make you vulnerable to cyber risks that can lead to the theft of personal and sensitive information, resulting in identity theft, financial fraud and other social harms. Cyberattacks can also disrupt critical healthcare, transportation and emergency services. To address these risks, organizations need strong privacy and cybersecurity measures to protect their data. Additionally, they should have robust incident response plans to minimize the impact of a cyberattack on critical services.

Ransomware attacks are soaring

Lucrative ransomware attacks continue to increase globally and can quickly cripple an organization's operations and reputation. Amid the severe consequences, many organizations are tempted to pay the ransom. Unfortunately, ransomware payments only encourage more crime and create a costly cycle. To combat ransomware attacks, modern cybersecurity measures should be put in place to minimize their social and financial impact.

Freedom of speech faces new threats

Privacy and cybersecurity also play vital roles in protecting freedom of speech and securing today's proliferating digital communications channels. Legal protections, promoting digital and media literacy, and supporting diversity and inclusion in online spaces are also important measures. Encryption technologies can ensure that only intended recipients can access information, without fear of eavesdropping or surveillance. Cybersecurity can also help mitigate the effects of disruptive attacks targeting websites and online platforms that facilitate free speech and expression.

Protect customer information to foster trust

Privacy controls can also play a key role in limiting the exploitation and misuse of personal information without consent or knowledge. This is vital in maintaining public trust in organizations. Before regulations such as the EU General Data Protection Regulation, many organizations believed they had ownership over the public's personal data. This changed with the introduction of these regulations. Individuals now have the right to their own personal data, including the right to know what data a company holds and the right to have it deleted.

New concerns on AI and data ethics

Using artificial intelligence (AI) tools can speed up data collection but raises questions about ethical data usage by algorithms and machine learning. Biases can unfairly affect individuals or society as a whole. Organizations can positively or negatively impact society based on how they assess risks and safeguard the data they process. New regulations, like the EU AI Act, aim to ensure that AI is used in a way that does not harm.

Raising cyber awareness and literacy

Many organizations are emphasizing their purpose and social responsibility. They recognize that they have a role to play in promoting cybersecurity literacy and awareness, whether across their customer base or supplier ecosystem. These actions can help prevent fraud, encourage brand loyalty and reduce exposure to supply chain attacks. Some organizations also pursue altruistic aims of building societal awareness of cyber threats, helping develop skills and promoting cybersecurity as a profession, while supporting organizations such as charities that may not have the capacity and capability to fully secure their own systems.

October is Cybersecurity Awareness Month, an annual campaign aimed at raising awareness about cybersecurity and providing resources for individuals and organizations to improve their cybersecurity practices. KPMG, among other organizations, is actively participating in this campaign to enhance security for all.

Governance considerations

Keeping regulations in focus amid change

Governance is the third aspect of ESG, and cyber risks can have significant governance implications. There are various industry- or market-specific cyber regulations, such as the US Cybersecurity Risk Management for Investment Advisers, Strategy, Governance and Incident Disclosure, Investment Company Names Disclosure, and Nasdaq's Board Diversity Rule. In the EU, regulations include the General Data Protection Regulation (GDPR), the Digital Operational Resilience Act (DORA) and the revised Network and Information Systems Directive (NIS2). ESG-related regulations include the European Union Sustainable Finance Disclosure Regulation (SFDR) and the Corporate Sustainability Reporting Directive (CSRD). In the US, obligatory disclosure regulations include commission guidance regarding disclosure related to climate change, enhancement and standardization of climate-related disclosures, rule amendments to Regulation S-K Items 101, 103 and 105, and enhanced disclosures by certain investment advisers and investment companies about environmental, social, and governance investment practices.

Measuring the effectiveness of an organization's privacy, cybersecurity and data management practices can help to determine how well it governs the data it processes and shares, both internally and across borders.

ESG data and reporting need to be accurate

ESG data comes from four main sources: third-party data, reported data, derived and functional data, and firm-owned raw data. Significant efforts are being put into ESG reporting and reporting assurance, but can you trust that the data is accurate and reliable? Cybersecurity is a critical factor in ensuring trustworthy ESG reporting. It works to protect data at its sources, while it is being collected, in transit, and after it has been analyzed and reported. In addition, data privacy compliance is also required when personal data is processed in generating ESG reports.

ESG compensation models, reporting and data collection can involve automated processes, as well as data modeling and analysis. It is vital that these processes are not manipulated or biased, to ensure accurate reporting. Cybersecurity is relevant to all three ESG dimensions, so organizations at any stage of their ESG journey should consider reporting cyber posture as part of their ESG reporting. This helps to develop and sustain trust with their customers, employees and external stakeholders.

SASB and other standards focus on transparency

The Sustainability Accounting Standards Board (SASB) provides industry-specific standards for reporting on sustainability factors, including environmental, social and governance. The standards are financially important and aim to increase transparency and comparability in corporate reporting, which can help investors make more informed investment decisions. However, fewer than half of companies have leadership-level representation for sustainability.[5]

One of the sustainability factors that SASB covers is cyber risk, which falls under the technology and communications industry, but many other sectors mention it too. Cyber risk is a factor that companies should consider disclosing in their public filings and is included under the Data Security disclosure topic. This topic covers a range of cyber threats that could compromise sensitive information and provides guidance on cyber risk management. A similar standard, the Global Reporting Initiative (GRI), is widely used for sustainability reporting. GRI standards include guidance on how companies should disclose their management of cybersecurity and data privacy issues. By including cyber risk as a material sustainability factor, SASB and GRI both recognize that cyber threats can significantly impact a company's financial performance, reputation and long-term sustainability. Companies that disclose their cyber risk management practices and provide information about their data security policies and procedures can improve their transparency and accountability to stakeholders, including investors, customers and regulators. However, fewer than half of companies have leadership-level representation for sustainability.[6]

Customers expect trustworthy services

Customers are more likely to do business with a company they trust to protect their personal and financial information. This is especially true for corporate customers, who value the safeguarding of their confidential data and intellectual property. Many industries have regulatory requirements for cybersecurity, and organizations that comply with these regulations are preferred by stakeholders. The KPMG survey found that less than half of companies disclose their governance risks.[7]

Both private and corporate customers want to ensure that the services they purchase meet their ESG and cybersecurity expectations. A company's commitment to ESG can be a sales enabler, enhancing its reputation, driving innovation, managing risks, ensuring compliance and improving access to capital. Therefore, it is important to consider how sustainable a company's privacy and cybersecurity practices are when doing business. By addressing cyber risks within the context of ESG, companies can safeguard their operations, customers and reputation while fulfilling their broader social and environmental obligations.

Conclusion: Creating new links between ESG and security

Organizations can benefit greatly by exploring the close connection between cyber and ESG risks. Both areas focus on identifying and managing risks and opportunities, leading to enhanced products and solutions and a better society. This connection is being increasingly recognized by markets, including ESG rating providers who strive for greater transparency and fairness in measuring and comparing organizations.

To protect their critical infrastructure, industrial control systems, and customer data, companies should have robust privacy and cybersecurity measures in place. The good news is that many companies already do, which should positively impact their ESG performance. Additionally, companies should invest in sustainable technology solutions to help reduce environmental impact and minimize exposure to cyber risks. Finally, companies should have strong governance structures to oversee privacy and cybersecurity risk management and ensure compliance with legal and regulatory requirements. By addressing cyber risks within the context of ESG, companies can safeguard their operations, customers and reputation while fulfilling their broader social and environmental obligations.

How KPMG professionals can help

There's growing pressure for businesses to be transparent on their corporate commitment activities in cybersecurity and ESG. Cybersecurity is on the agenda for many regulators, with growing demands for timely and comprehensive incident notification and disclosure of cyber security control maturity. And its connection to the ESG agenda is playing a huge role in the future of corporate social responsibility.

KPMG firms have experience across the continuum from the boardroom to the data center. In addition to assessing your cybersecurity and aligning it to your business priorities, KPMG professionals can help you develop advanced digital solutions and implement and monitor ongoing risks, helping you respond effectively to cyber incidents. No matter how you engage, you can expect to work with people who understand your business and your technology. And whether you're entering a new market, launching products and services, or interacting with customers in a new way, sustainable growth is the only way to build a successful and resilient business.

KPMG professionals are committed to working with you to enhance trust, mitigate risk and unlock new value as you build a resilient business for a more sustainable future. With access to industry-leading experience, data-driven technology, and global alliances, you can turn insight into opportunity for your business, your people, and the planet. KPMG professionals can help you anticipate tomorrow, move faster, and get an edge with secure and trusted technology.

KPMG. Make the difference.

References
1 www3.weforum.org/docs/WEF_Global_Risks_Report_2023.pdf
2 CEO Outlook, KPMG, 2022
3 Big shifts, small steps: Survey of Sustainability Reporting, KPMG, 2022
4 Big shifts, small steps: Survey of Sustainability Reporting, KPMG, 2022
5 Big shifts, small steps: Survey of Sustainability Reporting, KPMG, 2022
6-7 Big shifts, small steps: Survey of Sustainability Reporting, KPMG, 2022

The information contained herein is of a general nature and is not intended to address the circumstances of any particular individual or entity. Although we endeavor to provide accurate and timely information, there can be no guarantee that such information is accurate as of the date it is received or that it will continue to be accurate in the future. No one should act on such information without appropriate professional advice after a thorough examination of the particular situation.

© 2023 Copyright owned by one or more of the KPMG International entities. KPMG International entities provide no services to clients. All rights reserved.

KPMG refers to the global organization or to one or more of the member firms of KPMG International Limited ("KPMG International"), each of which is a separate legal entity. KPMG International Limited is a private English company limited by guarantee and does not provide services to clients. For more detail about our structure please visit

The KPMG name and logo are trademarks used under license by the independent member firms of the KPMG global organization. Throughout this document, unless otherwise indicated by quotation marks, "we", "KPMG", "us" and "our" refers to the global organization or to one or more of the member firms of KPMG International Limited ("KPMG International"), each of which is a separate legal entity.

Designed by Evalueserve.
Publication name: Cybersecurity in ESG | Publication number: 138862-G | Publication date: July

Some or all of the services described herein may not be permissible for KPMG audit clients and their affiliates or related entities.

Contacts
Mika Laaksonen, Global Cyber Security ESG Leader and Partner, KPMG in Finland, mika.laaksonen@kpmg.fi
Akhilesh Tuteja, Global Cyber Security Leader, KPMG International, and Partner, KPMG in I
Prasad Jayaraman, Americas Cyber Security Leader and Principal, KPMG in the US
Dani Michaux, EMA Cyber Security Leader and Partner, KPMG in Ireland, dani.michaux@kpmg.ie
Matt O'Keefe, ASPAC Cyber Security Leader and Partner, KPMG A.au
Nadine Hnighaus, Global ESG Governance Lead and Partner, KPMG in G
89、lobal Cyber Security LeaderKPMG International and PartnerKPMG in IPrasad JayaramanAmericas Cyber Security Leaderand PrincipalKPMG in the USDani MichauxEMA Cyber Security Leaderand PartnerKPMG in Irelanddani.michauxkpmg.ieMatt OKeefeASPAC Cyber Security Leaderand PartnerKPMG A.auNadine HnighausGlobal ESG Governance Lead and PartnerKPMG in G