Imagine for a moment that you are in a hospital waiting room, eagerly awaiting the arrival of a new addition to your family—a sister, a brother, or a daughter. It’s a joyous occasion filled with anticipation for the next generation. But suddenly, the lights flicker, machines beep erratically, and doctors and nurses rush about in a frenzy. Your heart races as you ponder what could be happening. Eventually, a doctor emerges with a solemn face and delivers the devastating news: “I’m sorry, we lost the baby.”
This scenario isn’t just imagination; it’s a harrowing reality that unfolded in 2019 when Ms. Tehrani Kidd walked into an Alabama hospital, unaware that it was in the throes of a cyber attack. Ransomware had incapacitated critical machines, rendering patient records inaccessible and disrupting vital monitoring systems. As a result, when Ms. Kidd’s daughter was born with complications, the medical staff couldn’t intervene in time, leading to tragic consequences.
This heartbreaking incident underscores a sobering truth: cyber attacks pose a grave threat not only to businesses but also to human lives and societal well-being. While business leaders often prioritize securing their networks and data, they frequently overlook the profound social and economic ramifications of cyber attacks and the harm they cause.
When business leaders contemplate cyber attacks and cybersecurity, their focus typically revolves around securing their networks, computers, data, and hard drives. However, what often escapes their attention are the broader social and economic harms of these cyber threats. While hospitals can make efforts to restore functionality to their machines, the same cannot be said for the tragic consequences faced by individuals like Ms. Kid’s daughter.
The purpose of a business
There is no argument that the fundamental purpose of a hospital is to safeguard and preserve life. However, in certain instances, this noble objective may fall short, as evidenced by the tragic case of Ms. Tehrani Kidd’s daughter.
The overarching purpose of a business has long been a topic of debate. In 2019, 181 business leaders convened at the Business Roundtable discussions to reassess this very question, spurred by decades of adherence to Milton Friedman’s doctrine. Friedman, a renowned economist, championed the notion that a business’s sole responsibility was to maximize profits for its shareholders. This approach has led to some tragic consequences over the years.
Let them burn
A poignant illustration of the consequences of prioritizing profits above all else unfolded in 1968, amid the surge of Japanese compact cars flooding the U.S. market. Eager to capitalise on this trend, executives at Ford Motor Company embarked on the development of their own compact car: the Ford Pinto. However, as testing progressed, a critical flaw in the car’s design emerged – a fatal vulnerability in rear-end collisions. Upon impact, the Pinto’s fuel tank would rupture, leading to catastrophic explosions that posed grave risks to passengers’ safety. Faced with this alarming revelation, the executives opted to conduct a cost-benefit analysis. They weighed the expenses associated with redesigning the car to rectify the flaw against the potential profits from its timely launch.
Ultimately, their decision was clear: prioritizing financial gains over human lives, they chose to proceed with the flawed design, deeming it more cost-effective to allow the tragedies to unfold rather than delay production and forego profits. Ford executives are alleged to have concluded that “its cheaper to let them burn”.
Stakeholders at the centre
The collective recognition of such ethical lapses prompted a paradigm shift among business leaders. After the 2019 Business Roundtable discussions, participants unanimously agreed that the purpose of a business should transcend mere profit generation. Instead, it should focus on creating value for all stakeholders, including customers, suppliers, employees, and the broader community, as well as the environment in which it operates, thus ensuring their sustainability.
Does this imply that companies prioritising stakeholder value and sustainability sacrifice profitability? Not according to findings from a Harvard Business Review report. In fact, companies that prioritise a higher purpose not only achieve returns exceeding seven percent in the market but also demonstrate greater profitability and accelerated growth. This underscores a compelling argument for sustainability and creating stakeholder value. However, as businesses endeavour to embrace sustainability, a crucial consideration arises: what obstacles hinder their progress, and how do they measure this?
Environmental, Social and Governance (ESG)
In today’s landscape, evaluating how businesses generate value for stakeholders and navigate sustainability objectives hinges on a vital metric known as ESG (Environmental, Social, and Governance).
ESG (Environmental, Social, and Governance) has emerged as a pivotal tool for society to gauge how effectively companies are advancing their sustainability objectives and generating value for all stakeholders, not solely shareholders. But what exactly does ESG entail? Let’s break it down.
“E” evaluates a company’s environmental impact, encompassing its use of natural resources, carbon emissions, pollution, waste management, and energy efficiency.
“S” delves into the social aspects, examining how a company manages relationships both internally and externally, including with customers, employees, and promoting diversity within its workforce.
“G” focuses on governance, assessing a company’s adherence to principles and regulations concerning corporate ethics, board independence, and diversity.
While being recently controversial, ESG has evolved into a comprehensive framework for measuring a firm’s sustained sustainability, with sustainability being the ultimate goal while ESG serves as the means of measurement.
Cyber harms erode stakeholder value
However, as businesses embark on the path towards sustainability, they encounter a formidable obstacle: cyber harms.
cyber harm is defined as the negative consequences that an organisation can suffer as a result of successful cyber-attacks. These harms encompass various categories, including Physical/Digital, Economic, Psychological, Reputational, and Social/Societal impacts.
Examining the Environmental, Social, and Governance (ESG) framework through the lens of cyber harms reveals critical implications for each pillar.
Environmental Harm
Consider the environmental aspect: a cyber attack targeting a nuclear or water plant could result in catastrophic harm. A chilling example unfolded in 2021 in Miami, USA, where hackers infiltrated a water treatment facility. Intent on mischief, they manipulated sodium hydroxide levels in the water supply—a move with potentially toxic and corrosive effects on both human and environmental health.
Thankfully, swift action thwarted the attackers’ plans, highlighting the importance of robust cybersecurity measures in averting environmental and ecological harm.
Social harm
From a social and psychological harm standpoint, consider the harrowing tale of Ms. Kidd, whose daughter’s life was tragically impacted by compromised hospital systems during a cyber attack. Such incidents underscore the profound social and psychological implications of digital security breaches. These social and psychological harms are often overlooked when evaluating stakeholder value.
Governance harms
Moreover, from a governance perspective, governments worldwide are tightening regulations to safeguard data privacy and security. In Europe, the General Data Protection Regulation (GDPR) sets stringent standards, while the United States has implemented laws like the California Consumer Protection Act. Similarly, South Africa has enacted the Protection of Personal Information Act. These legislative measures reflect the growing recognition of the need for comprehensive cybersecurity frameworks within ESG considerations.
In this context, cyber harms emerge as formidable obstacles to achieving sustainability goals. As organizations strive to align with ESG principles, they must prioritize digital security to mitigate risks and uphold their commitment to environmental stewardship, social responsibility, and robust governance practices. Failure to directly address these cyber harms undermines not only business objectives but also the broader goal of creating a sustainable future for all.
ESG-D(igital) Security
Imagine your morning routine: the aroma of freshly brewed coffee fills the air, and your local barista offers to add a sprinkle of chocolate to your cappuccino. It’s a tempting addition, but let’s face it – the chocolate sprinkles are just a small enhancement. The true essence lies in the coffee itself, along with the water and milk.
Similarly, in the business world, digital security is often treated like chocolate sprinkles. It’s seen as an optional extra, something to enhance the overall image of sustainability. But in today’s cyber-threat landscape, this approach falls short. We need to elevate digital security to the forefront of our sustainability strategies.
Here’s why:
Firstly, visibility is key. , stakeholders need transparency regarding a company’s digital security practices. Integrating digital security into ESGD ensures that it’s not an afterthought but a fundamental consideration from the outset.
Secondly, transparency breeds trust. By clearly outlining digital security measures within ESGD frameworks, businesses can instil confidence in investors, customers, and the wider public. Transparency also enables thorough analysis, allowing stakeholders to make informed decisions.
Lastly, collaboration is essential. Cybersecurity is not a solo endeavour but a collective responsibility. By incorporating digital security into ESGD, businesses can foster collaboration across industries and communities, pooling resources to combat cyber threats effectively.
Conclusion
In today’s digital age, the integration of digital security into sustainability goals is not just an option; it’s a necessity. We can no longer treat digital security as a mere add-on or sprinkle it lightly over our sustainability efforts. Instead, we must recognize it as the foundation, the cup that holds all other components together. Without robust digital security measures in place, our sustainability goals are vulnerable to cyber harms that can undermine our progress and achievements. It’s imperative to acknowledge that the purpose of a business should extend beyond maximizing profits; it’s about creating value for all stakeholders and ensuring the long-term sustainability. As we aspire to leave a lasting legacy for future generations, we must prioritize securing our digital future.
The social, economic, and psychological harms of digital security breaches are profound and cannot be ignored. We owe it to ourselves and to those who will come after us to prioritize digital security as an integral part of our sustainability efforts. Let us not overlook the lessons learned from past tragedies, such as the loss suffered by Mrs. Kid’s daughter. Now is the time to elevate digital security from a mere afterthought to a fundamental pillar of our sustainability strategy. Only then can we truly enjoy the benefits and safeguard our collective future.