Skip to main content

Cybersecurity – ESG or impact?

cyber security thumbnail 433x720

Cybersecurity is becoming an increasingly prominent topic. The World Economic Forum published its Global Risks Report for 2024 and cyber-attack was ranked the 5th “most likely to present a material crisis on a global scale in 2024”. 1 For private sector stakeholders and governments, it ranked 3rd.

The cost of cyber-attacks is rising. The global cost of cybercrime damage is expected to hit $10.5 trillion annually by 2025, up from $3 trillion in 2015.Lloyd’s of London estimate that a major global cyber-attack has the potential to trigger $53bn of economic losses, equivalent to a natural disaster the scale of superstorm Sandy.3

The frequency is also increasing. Research by Check Point, a major US cybersecurity company, showed that ransomware attacks reached an all-time high in 2023 with 10% of organisations worldwide targeted, a 33% increase on 2022.4

It’s clear that companies need to be considering cybersecurity as part of ESG. Intangible value, including digital assets like software and customer data, now represents 90% of the asset value of organisations. 5 That demonstrates that cyber-attacks present a material threat to the value of a company.

But should we go further and consider it as part of impact?

Cybersecurity and the environment

At WHEB, we define impact as products or services providing solutions to key sustainability challenges. To qualify, we would need to establish that cybersecurity is addressing an aspect of sustainability.  

Looking first at the UN Sustainable Development Goals, there isn’t a goal that deals explicitly with cybersecurity. However, considering the definitions of a few of them there are reasons to believe that cybersecurity could be a contributing factor to achieving a number of goals:

Goal 6: Ensure availability and sustainable management of water and sanitation for all.
Goal 7: Ensure access to affordable, reliable, sustainable and modern energy for all.
Goal 9: Build resilient infrastructure, promote inclusive and sustainable industrialisation and foster innovation.
Goal 11: Make cities and human settlements inclusive, safe, resilient and sustainable.

The increasing use of digital and connectivity tools in each of these areas creates significant cybersecurity risks. There are numerous examples of energy infrastructure being targeted.6 Hackers have also targeted water treatment facilities in the US and Australia.7

The energy transition relies heavily on digital technologies and interconnectedness. As we wrote in a recent article, modernisation of the grid is critical for managing the increasing contribution of renewable energy and greater electrification. Attackers are increasingly targeting these operational technologies and in 2021 a survey of cybersecurity experts identified the energy sector as the most likely to suffer attacks on control systems.8

In his recent cybersecurity strategy paper, President Biden included a specific objective, “secure our clean energy future”.9 This feels like a clear demonstration of the importance of the issue to sustainability outcomes.

Cybersecurity and health

Digital technologies also increase vulnerability in other areas of sustainability, such as health. In 2017, the US Food and Drug Administration recalled 500,000 pacemakers due to the risk of hackers altering the patient’s heartbeat. In 2020 a hospital in Germany was forced to close its emergency department after a ransomware attack.10

The attacks are growing in scale. In February this year, a division of UnitedHealth Group in the US was the subject of a cyber-attack that left healthcare providers unable to fill prescriptions or get reimbursement for insurers. 11  A survey by the America Hospital Association found that 95% of hospitals experienced disruptions from the attack and 74% reported impacts to direct patient care.12

Technology adoption in healthcare is increasing rapidly, whether through wearable devices, hospital equipment or patient data records. That data is being used more widely too. Artificial Intelligence (AI) is a growing topic within healthcare, and high-profile AI companies like Nvidia are investing significant amounts in the industry.13

Cybersecurity and AI

The relationship between AI and sustainability is complex. What is clear is that AI is likely to increase the volume and heighten the impact of cyber-attacks.14 One emerging area is the spread of disinformation, which creates risks to elections and social cohesion.

In Slovakia’s recent election an AI-generated fake video circulated of a candidate discussing plans to manipulate the election, including buying votes15 Elections are vulnerable to a range of technological threats, including hacking, data breaches and more sophisticated forms of manipulation such as deepfakes and AI-generated disinformation.16

There will be over 40 national elections this year covering over 50% of global GDP, including the US and UK. In the US the government’s cybersecurity agency has published a Cybersecurity Toolkit to Protect Elections. One of the recommendations is the implementation of advanced technologies to detect and mitigate potential threats.

Cybersecurity and impact

At WHEB, we are in the early stages of exploring the topic of cybersecurity. But we do think there is a case for categorising it as a sustainability challenge. The challenge is a multifaceted one, and touches on many of our existing themes. The cost of ignoring the challenge is increasing, affecting more companies and more individuals every year.

Our next question is what are the solutions? This will involve looking at cybersecurity providers through the lens of our impact engine analytical framework. We are focusing on two areas where we think companies can have positive impact. First are companies providing products or services that have a differentiated outcome relative to the existing standards. Second are companies focused specifically on protecting the safety of individuals, for example through identity management software. This effectively widens the definition in our existing Safety theme beyond physical safety.

The world was slow to identify and act on existing environmental and social challenges. The consequences of that are now being felt. We hope cybersecurity will be different. And we think that we as impact investors have role to play in opening up the conversation on cybersecurity and starting to look more closely at solutions.

 

Sign up here to receive our monthly and quarterly commentaries in your inbox.

 
1 World Economic Forum, The Global Risks Report 2024, https://www3.weforum.org/docs/WEF_The_Global_Risks_Report_2024.pdf
2 https://cybersecurityventures.com/top-5-cybersecurity-facts-figures-predictions-and-statistics-for-2021-to-2025/
3 https://www.lloyds.com/about-lloyds/media-centre/press-releases/extreme-cyber-attack-could-cost-as-much-as-superstorm-sandy
4 Check Point, January 2024, https://blog.checkpoint.com/research/check-point-research-2023-the-year-of-mega-ransomware-attacks-with-unprecedented-impact-on-global-organizations/
5 World Economic Forum, “Cybersecurity is an environmental, social and governance issue. Here's why”, https://www.weforum.org/agenda/2022/03/three-reasons-why-cybersecurity-is-a-critical-component-of-esg/
6 Forbes, https://www.forbes.com/sites/johntough/2022/09/29/sustainability-and-cybersecurity-the-unexpected-dynamic-duo-of-the-energy-transition/?sh=7c216a915851
7 https://www.sustainability.com/thinking/the-rising-role-of-cybersecurity-in-esg-and-how-companies-are-taking-action/
8 World Economic Forum, https://www.weforum.org/agenda/2023/10/why-the-energy-sector-and-critical-infrastructure-is-particularly-vulnerable-to-cyber-attacks/
9 The White House, https://www.whitehouse.gov/wp-content/uploads/2023/03/National-Cybersecurity-Strategy-2023.pdf
10 https://www.sustainability.com/thinking/the-rising-role-of-cybersecurity-in-esg-and-how-companies-are-taking-action/
11 CNBC, https://www.cnbc.com/2024/03/27/unitedhealth-group-paid-over-3-billion-to-providers-since-cyberattack.html
12 American Hopsital Association, https://www.aha.org/news/news/2024-03-15-aha-survey-change-healthcare-cyberattack-having-significant-disruptions-patient-care-hospitals-finances
13 CNBC, https://www.cnbc.com/2024/03/24/nvidias-ai-ambitions-in-medicine-and-health-care-are-becoming-clear.html
14 National Cyber Security Centre, https://www.ncsc.gov.uk/report/impact-of-ai-on-cyber-threat
15Bloomberg, https://www.bloomberg.com/news/newsletters/2023-10-04/deepfakes-in-slovakia-preview-how-ai-will-change-the-face-of-elections
16 World Economic Forum, https://www.weforum.org/agenda/2023/11/elections-cybersecurity-ai-deep-fakes-social-engineering/

Related

Important Notices:
Risks include: the price of shares (“Shares”) in FP WHEB Sustainability Impact Fund, WHEB Sustainable Impact Fund or WHEB Environmental Impact Fund may increase or decrease and you may not get back the amount originally invested, for reasons including adverse market and foreign exchange rate movements. Past performance does not predict future returns. The Fund invests in equities and is exposed to price fluctuations in the equity markets, and focuses on investments in mid-sized companies in certain sectors so its performance may not correlate closely with the MSCI World Index (the benchmark). For full risks, please see fund prospectus on www.whebgroup.com

 

General: This information, its contents and any related communication (altogether, the “Information”) is issued by WHEB Asset Management LLP (“WHEB Asset Management”). It is intended for information purposes only and does not constitute or form part of any offer or invitation to buy or sell any security including any shares in the FP WHEB Sustainability Impact Fund or WHEB Sustainable Impact Fund, including in the United States. It should not be relied upon to make an investment decision in relation to Shares in the FP WHEB Sustainability Impact Fund or WHEB Sustainable Impact Fund or otherwise; any such investment decision should be made only on the basis of the Fund scheme documents and appropriate professional advice. This Information does not constitute advice of any kind, investment research or a research recommendation, is in summary form and is subject to change without notice. The performance shown does not take account of any commissions and costs charged when subscribing to and redeeming shares. WHEB Asset Management has exercised reasonable care in preparing this Information including using reliable sources, however, makes no representation or warranty relating to its accuracy, reliability or completeness or whether any future event may or may not occur. This Information is only made available to recipients who may lawfully receive it in accordance with applicable laws, regulations and rules and binding guidance of regulators. WHEB Asset Management LLP is registered in England and Wales with number OC 341489 and has its registered office at 7 Cavendish Square, London, W1G 0PE. WHEB Asset Management LLP is authorised and regulated by the Financial Conduct Authority with Firm Reference Number 496413.

 

FP WHEB Sustainability Impact Fund

FundRock Partners Limited (formerly Fund Partners Limited) is the Authorised Corporate Director of the Fund and is authorised and regulated by the Financial Conduct Authority with Firm Reference Number 469278 and has its registered office at 6th Floor Bastion House, 140 London Wall, London, EC2Y 5DN. The state of the origin of the Fund is England and Wales. The Representative in Switzerland is ACOLIN Fund Services AG, Leutschenbachstrasse 50, CH-8050 Zurich, whilst the Paying Agent is NPB Neue Privat Bank AG, Limmatquai 1/am Bellevue, P.O. Box, 8024 Zurich . The relevant documents such as the prospectus, the key investor information document (KIIDs), the Articles of Association as well as the annual and semi-annual reports may be obtained free of charge from the Representative in Switzerland.

 

WHEB Sustainable Impact Fund

The Manager of the Fund is FundRock Management Company S.A., authorised and regulated by the Luxembourg regulator to act as UCITS management company and has its registered office at 33, rue de Gasperich, L-5826 Hesperange, Grand-Duchy of Luxembourg. The Representative in Switzerland is ACOLIN Fund Services AG, Leutschenbachstrasse 50, CH-8050 Zurich, whilst the Paying Agent is NPB Neue Privat Bank AG, Limmatquai 1/am Bellevue, P.O. Box, 8024 Zurich. The relevant documents such as the prospectus, the key investor information document (KIIDs), the Articles of Association as well as the annual and semi-annual reports may be obtained free of charge from the representative in Switzerland. The state of the origin of the Fund is Ireland. The Fund is registered for distribution to professional investors in Austria, France, Germany, Italy, Luxembourg, Norway, Singapore, Sweden and the United Kingdom, and is registered for offering to retail investors in Switzerland, Denmark and the Netherlands. The Fund is also available for professional investors in Belgium and Hong Kong. It is not available to investors domiciled in the United States.

 

WHEB Environmental Impact Fund

The Manager of the Fund is FundRock Management Company S.A., authorised and regulated by the Luxembourg regulator to act as UCITS management company and has its registered office at 33, rue de Gasperich, L-5826 Hesperange, Grand-Duchy of Luxembourg. The Fund is registered for distribution to professional investors in the United Kingdom. It is not available to investors domiciled in the United States.

 

The MSCI information may only be used for your internal use, may not be reproduced or re-dissseminated in any form and may not be used as a basis for or a component of any financial instruments or products or indices. None of the MSCI information is intended to constitute investment advice or a recommendation to make (or refrain from making) any kind of investment decision and may not be relied on as such. Historical data and analysis should not be taken as an indication or guarantee of any future performance analysis, forecast or prediction. The MSCI information is provided on an “as is” basis and the user of this information assumes the entire risk of any use made of this information. MSCI, each of its affiliates and each other person involved in or related to compiling, computing or creating any MSCI information (collectively, the “MSCI Parties”) expressly disclaims all warranties (including, without limitation, any warranties of originality, accuracy, completeness, timeliness, non-infringement, merchantability and fitness for a particular purpose) with respect to this information. Without limiting any of the foregoing, in no event shall any MSCI Party have any liability for any direct, indirect, special, incidental, punitive, consequential (including, without limitation, lost profits) or any other damages (www.msci.com).

Sign up to impact fund updates

Sign up below to receive email updates on our impact investment funds.
{{ errors[0] }}
{{ errors[0] }}
{{ errors[0] }}
{{ errors[0] }}
{{ errors[0] }}
{{ errors[0] }}
Authorised and regulated by the Financial Conduct Authority Copyright 2024© WHEB. All rights reserved Made by Thursday