* Adriana Offidani
Created in 2004, the term ESG has been a fundamental pillar for companies ever since. Covering a company's environmental, social and governance issues, the acronym has become a guiding reference for corporations to act in a more assertive and advantageous way, taking into account socio-environmental responsibility, reputation and credibility within the competitive market. Although all three letters are of fundamental importance to the concept, in this article I will delve into corporate governance, especially with regard to cybersecurity.
This choice came shortly after the World Economic Forum reaffirmed the relevance of this topic within the current business context. According to the organization, “Cyber risk is the most immediate and financially material sustainability risk organizations face today. Those who fail to implement good cybersecurity governance, using appropriate tools and metrics, will be less resilient and less sustainable.”
As much as cybersecurity already has direct implications in the three areas of ESG, it is practically impossible to detach the importance of governance from its operation. With technology becoming indispensable for the operation of corporations, security within this sphere has become a decisive part in protecting against various external and internal attacks that can cause material and non-material damage, such as theft or leakage of confidential data, espionage and other actions that can generate direct impacts on the reputation of a company. That is, it is possible to say that cybersecurity directly protects governance, while governance is also applied in methods and processes for the protection of technology assets.
All this becomes even more evident in the face of the current scenario in which we live. A 2021 survey by Ernst & Young reveals that illicit attacks on corporate technology systems increased by approximately 300% during the Covid-19 pandemic period.
And the trend is for these attacks to continue increasing, especially in companies that do not have proper management. For this very reason, the market shows a latent concern with this topic. So much so that market analysts at GlobalData estimate that global cybersecurity spending should reach US$198 billion by 2025. The figure, which currently amounts to something in the region of R$1 trillion, represents a 58% growth over what is currently invested in the sector.
However, all this investment alone does not guarantee the success companies expect. In addition to all this preparation and injected capital, the corporation must have well-defined governance over its protection in the virtual environment, aiming to optimize its operations and bringing a series of benefits related to the centralization of controls, greater agility and consolidation of work.
More than that, structured governance guarantees an improvement in the management of the corporation, in addition to contributing to clear guidelines on the company's principles, greater transparency and corporate responsibility. All this guarantees a company that is attentive to the requirements of the laws, norms and rules governing its field of activity. The combination of all these factors creates a scenario of uniformity and effectiveness in controls within the entity, with a centralized flow of information, which makes it possible to avoid rework and minimize communication failures.
Fortunately, the teams responsible for IT security today have a good level of maturity on governance issues. The requirements of controls over legislation, structures, norms and best market practices are very strong for those who work in the area, so it is natural that there is familiarity with the concepts. However, a report published by the “Global Cybersecurity Outlook” emphasizes that companies need to ensure that cybersecurity and business work in alignment. Only in this way will it be possible to ensure that the organization acts in accordance with internal and external guidelines without giving up the desired security.
Therefore, centralizing the negotiations involving a company's processes is a fundamental step for these corporations to adapt to the main control structures that are applied to ESG. This acronym is now a definitive global concept, and companies that adhere more closely to its concepts will have advantages over competitors, will be more attractive to investors, will win the admiration of the general public and will guarantee the best security of their data and products.
* Adriana Offidani, Director of Compugraf – Responsible for conducting the Privacy (LGPD), Compliance, Legal, Financial, HR and Administrative areas at Compugraf, Adriana has experience in leading projects related to risk and cost reduction, directly reflecting on the improvement of the company's productivity.
Notice: The opinion presented in this article is the responsibility of its author and not of ABES - Brazilian Association of Software Companies