Is data governance the next ESG battleground?
A company's risk profile must include its approach to data protection.
Corporate sustainability has historically focused on the “E” within ESG investing. The push to protect natural resources and reduce carbon emissions has led to investors increasingly shunning fossil fuel-based sectors such as energy. By contrast, many favor information technology.
But how accurate is the perception that tech lives in a good neighborhood and energy sits on the other side of the tracks? Internet services and technology companies may be the next major source of controversy. Effectively managing its security and defending against cyberthreats likely will determine if Big Tech keeps its halo.
The technology and communication sectors are booming beyond the biggest players (Facebook, Amazon, Apple, Microsoft, Netflix and Alphabet, the artist formerly known as Google). But since the pandemic forced massive lockdowns, demand has accelerated. Work from home transitioned into living at work. The acute need to operate remotely has resulted in a proliferation of virtual environments. Our digital footprints will increase and become more intertwined, and that’s certainly the case in our daily lives. Try going 24 hours without turning on your smartphone, TV or computer. Heck, try one hour.
Behind these platforms is a cyberspace ecosystem expanding in demand and capacity, bolstered by the growth in the Internet of Things, 5G and automation. The vast amount of personal, confidential and business-critical information at risk demands more robust security and privacy infrastructure by businesses, governments and individuals. Any organization without a clear strategy to safeguard data—the most valuable commodity in a knowledge-based economy—faces the potential for commercial repercussions.
Inadequate data protocols have two major material risks with financial consequences. First is privacy protection. This is good business practice in general, but government regulators are increasingly scrutinizing business on data privacy, as well as investigating responsible use of artificial intelligence and machine learning. Since 2018, businesses based in the European Union have had to comply with new rules governing the process and storing of customer information. Industry leaders will simply need to establish better disclosure and transparency.
Second is the threat of cyberattacks. The security company CrowdStrike reports that more intrusion attempts occurred in the first half of 2020 than in all of 2019, including the high-profile digital assault on SolarWinds and several branches of the U.S. government. The cybersecurity landscape is so volatile that the Biden administration is considering identifying data safety as an issue of national security.
Even before the pandemic, data governance was emerging as a critical ESG concern when evaluating investments in tech and communications companies. As the backbone of the virtual economy, Big Tech platforms are riding a generational wave of disruptive innovation while simultaneously being exposed to acute risks that can depreciate their brand overnight. Scrutiny of data security policy undoubtedly will increase. As industries evolve, so does ESG criteria, unearthing new vulnerabilities potentially harmful to stakeholders and enterprises. Yesterday it was energy. Tomorrow it may be technology.