Mon | Sep 5, 2022 | 4:30 AM PDT

While the focus on Environmental, Social, and Governance (ESG) issues has gained traction in recent years, both within boardrooms and investment spaces, the focus on carbon credits and workforce diversity has diverted attention from the existential crisis that companies face from cybersecurity. Just as carbon is the byproduct of the third industrial revolution, cybersecurity is the byproduct of the fourth industrial revolution that we continue to live through.

Despite cybersecurity's immediate implications for individuals at large, the topic gets dismissed as a governance issue and tucked away without discussion of the repercussions for society at large. According to the AON and Ponemon Institute, 83% of S&P company value is intangible, and among the companies surveyed in the research, the average total value of their IP assets such as trademarks, patents, copyrights, trade secrets, and know-how was $578 million in 2020.

A data breach leading to IP theft is not just a revenue problem for an organization; it is a theft of intellectual capital that is a national asset, and the lost revenue is a component of GDP that is lost. A data breach leading to PII or PHI theft is not just a loss of trust and a loss of revenue for the organization, but an immediate impact on individual citizens and the cyber threat that they face. A ransom attack on core social services, such as utilities and healthcare, intimately impacts society through lost individual income and the inability to receive urgent care.

Fortunately, when it comes to cybersecurity concerns, unlike carbon impacts, the core impact of cybersecurity hygiene can no longer be disputed. A recent analysis by SecurityScorecard and Cyentia Institute found that 53% of the 1,623,118 organizations assessed have at least one open vulnerability exposed to the internet, and 22% of those organizations amass over 1,000 vulnerabilities each. On average, it takes organizations a year to remedy half of these vulnerabilities, creating a great opportunity for cybercriminals to exploit.

In the hyper-connected, globalized world that we live in today, what is more important is creating accountability across all suppliers, vendors, partners, and even the customers that touch the organization. The benefit of the connected world, however, is that the supply chain is digitally connected, creating an opportunity to build a chain of cyber accountability. Understanding your external security posture, and the third- and fourth-party security posture, helps outline obvious vulnerabilities that can be exploited by cybercriminals.

As Cristina Dolan writes in Transparency in ESG and the Circular Economy, data clearly present impacts across the entire ESG spectrum, providing the necessary specificity for informed decision making and ensuring the transparency and accountability that uphold sustainability. Luckily for cybersecurity, there is no shortage of real-time data that can be used for effective and impactful decision making.


Anna Sarnek discussed this topic in a recent SecureWorld Remote Sessions webcast, Achieving Business Sustainability with Cyber Risk Quantification, with NielsenIQ CISO Jasper Ossentjuk.
