Cybersecurity and Sustainability: Opportunities for better governance

In this article, The Purpose Business examines the importance of considering cybersecurity as part of businesses’ Environmental, Social and Governance (ESG) reporting standards.

It should not come as much of a surprise that widespread cybercrime and cyber insecurity appeared in this year’s World Economic Forum’s Global Risk Report ranking in #8 in terms of likelihood and impact, along risk categories such as biodiversity loss and climate change mitigation adaptation. It is therefore not unusual to find cybersecurity in a listed company’s risk register, and this trend is being featured more prominently in recent sustainability reports.

Why is Cybersecurity an integral part of ESG reporting?

1) Cyberattacks have been on the rise, especially in Southeast Asia region

In Malaysia, a web-hosting service (Exabytes) was the target of a ransomware attack which demanded USD$900,000 in cryptocurrency in late 2021. In the same month, a data breach hit a Thailand hospital involving over 10,000 patients’ records. Elsewhere, a data breach severely impacted Optus, an Australian telecommunication company, that led to the details of 10 million customers being compromised.

According to a 2021 Check Point report, the Asia Pacific region experienced a 168% increase in cyberattacks year-on-year, with 59% of businesses reported being a victim of a cyberattack. This issue is also further compounded by the global cybersecurity workforce gap which is estimated to be at 2.72 million in 2021.

2) Cybersecurity impacts not only businesses’ bottom-line but future business valuations

Thoroughly assessing business risks could make a difference in millions of dollars of one’s business value tomorrow. Any risk exposure – whether it is a breach of security in technology systems or a natural disaster in a key market – inevitably equals investor distrust. In general, it is estimated that business can take up to an average of 9 months to identify and contain cyber breaches, which can result in USD 4.35 million in losses globally.

Thus, it is common for Investors to want to see companies managing and being forthcoming in the way they govern risks and referencing standard frameworks would be helpful in guiding businesses in its management.

While there is a veritable alphabet soup of ESG reporting guidelines e.g., GRITCFD, CSP, SASBTNFDDJSIISSB, there is no one-size fit all solution for businesses on which reporting guidelines best represents how to manage risk. However, one thing for certain is that businesses can use such platforms to make better informed decisions. For example, CDP, a widely used platform for disclosing the impacts of climate change, estimates that 680 institutional investors and purchasers, representing over USD$130 trillion, use their data and insights to make better-informed investment decisions.

Thus, businesses need to look internally to assess their individual needs to select the most appropriate standards and guidelines to best serve its needs.

Cybersecurity as a Sustainability issue – Governance is key

At the first glance, cybersecurity and sustainability may seem like two diverse topics – where cybersecurity has traditionally been viewed as a technological issue and sustainability as an environmental issue (although neither of which was ever completely true). However, both issues are connected now more than ever, with both being material concerns for all businesses, requiring leadership and management to focus on having good governance and reporting measures in place.

In today’s context, a robust sustainability strategy should contain cybersecurity as part of the business’s risk management plans, addressing it under the “Social” aspect of ESG, as cybersecurity can have real world implications. As shown by oil giant Colonial Pipeline cyberattack, the victim of a ransomware attack in 2021, the cyberattack led to the shutdown of the pipeline’s digital system, affecting consumers and airlines across the East Coast, triggering price spikes, panic buying and shortages.

Hence, cybersecurity which used to be termed as only an industry concern, or “someone else’s problem”, has now become a threat that all businesses face and cannot simply afford to ignore.

Purpose as the driving force for responsible business

Purpose is the essence of a well-articulated and lived corporate purpose. This includes business’s ESG strategy and cybersecurity measures.

Purpose requires a wholesale shift away from business as usual and requires businesses taking a step back to reassess its necessary transformation. In Southeast Asia, we are in a state of polycrisis (from cybercrime, climate change to the cost of living), thus, a well-articulated purpose represents the opportunity to transform business models to not only deliver value to our shareholders but ensure that its value is equitable to all stakeholders in the long term.

About The Purpose Business

The Purpose Business helps organisations in Asia embed purpose and sustainability into business strategy and operations. They unlock organisations’ purpose and help activate it by delivering on a strategy that helps them understand and manage their ESG impacts to drive positive impact and grow responsibly. Their network of globally experienced sustainability advisors is committed to working with you to build the next generation of sustainable Asian businesses that are fit for purpose. They guide leaders to evolve business as a force for good. For more information, visit their website or connect with them on LinkedIn.

The views and recommendations expressed in this article are solely of the author/s and do not necessarily reflect the views and position of the Tech for Good Institute.

Download Agenda

Download Report

Latest Updates

Latest Updates​

Keep pace with the digital pulse of Southeast Asia!

Never miss an update or event!

Mouna Aouri

Programme Fellow

Mouna Aouri is an Institute Fellow at the Tech For Good Institute. As a social entrepreneur, impact investor, and engineer, her experience spans over two decades in the MENA region, South East Asia, and Japan. She is founder of Woomentum, a Singapore-based platform dedicated to supporting women entrepreneurs in APAC through skill development and access to growth capital through strategic collaborations with corporate entities, investors and government partners.

Dr Ming Tan

Founding Executive Director

Dr Ming Tan is founding Executive Director for the Tech for Good Institute, a non-profit founded to catalyse research and collaboration on social, economic and policy trends accelerated by the digital economy in Southeast Asia. She is concurrently a Senior Fellow at the Centre for Governance and Sustainability at the National University of Singapore and Advisor to the Founder of the COMO Group, a Singaporean portfolio of lifestyle companies operating in 15 countries worldwide.  Her research interests lie at the intersection of technology, business and society, including sustainability and innovation.


Ming was previously Managing Director of IPOS International, part of the Intellectual Property Office of Singapore, which supports Singapore’s future growth as a global innovation hub for intellectual property creation, commercialisation and management. Prior to joining the public sector, she was Head of Stewardship of the COMO Group and the founding Executive Director of COMO Foundation, a grantmaker focused on gender equity that has served over 47 million women and girls since 2003.


As a company director, she lends brand and strategic guidance to several companies within the COMO Group. Ming also serves as a Council Member of the Council for Board Diversity, on the boards of COMO Foundation and Singapore Network Information Centre (SGNIC), and on the Digital and Technology Advisory Panel for Esplanade–Theatres on the Bay, Singapore’s national performing arts centre.


In the non-profit, educational and government spheres, Ming is a director of COMO Foundation and Singapore Network Information Centre (SGNIC) and chairs the Asia Advisory board for Swiss hospitality business and management school EHL. She also serves on  the Council for Board Diversity and the Digital and Technology Advisory Panel for Esplanade–Theatres on the Bay, Singapore’s national performing arts centre.


Ming was educated in Singapore, the United States, and England. She obtained her bachelor’s and master’s degrees from Stanford University and her doctorate from Oxford.