15-05-2025
Leading the charge: The ESG imperative in safeguarding critical infrastructure
The rise in cybersecurity attacks targeting critical infrastructure has become an urgent national security concern, impacting business operations and community safety. A recent SP Global report reveals that physical security incidents on the U.S. power grid, which resulted in measurable outages, increased by 71% from 2021 to 2022. This highlights the vulnerability of essential services like energy, utilities, and power grids and the serious consequences of any disruptions.
Cybersecurity risks are just as alarming. According to Morningstar Sustainalytics, nearly 38% of utility companies worldwide had weak cybersecurity management practices in 2022, leaving critical systems exposed to potential cyberattacks that could disrupt energy supply, endanger public safety, and destabilize operations. The increasing use of connected devices in these sectors only adds complexity, opening up more opportunities for cybercriminals to exploit vulnerabilities.
SIGNIFICANT CYBERSECURITY LAPSES
One example of how significant cybersecurity lapses can be is the 2017 Equifax data breach. Hackers took advantage of an unpatched vulnerability in Apache Struts despite a public warning. The breach exposed the personal information of 143 million Americans and cost the company over $1.4 billion in damages. This breach shows the catastrophic consequences that can arise when corporate boards do not treat cybersecurity as a top priority.
Additionally, the 2025 breach of multiple Australian pension funds further highlights how vulnerabilities in financial systems can have real-world consequences. Cyberattackers targeted major funds like AustralianSuper, Rest Super, and Hostplus, leading to the theft of A$500,000 from compromised accounts. The breach not only jeopardized the financial assets of millions of members, but also tarnished the reputation of the funds involved. This is a stark reminder that any institution with assets is vulnerable to a cyberattack.
A RISE IN DEVICE ADOPTION
The growing reliance on connected devices in critical infrastructure is projected to continue to climb globally. Statistica's 2024 Transforma insights predict a sharp rise in device adoption across these sectors. While these devices bring significant efficiencies and innovations, they also open the door to new cybersecurity risks. As the attack surface increases with each new device, the potential for vulnerabilities to be exploited grows, intensifying national security concerns and increasing the risk to critical systems.
Cybersecurity breaches that expose customer data or compromise critical infrastructure also raise major environmental, social, and governance (ESG) issues. These breaches can severely damage company reputations, erode public trust, and destabilize society. Protecting infrastructure is now about more than just business continuity—it's about fulfilling corporate social responsibility and ensuring the long-term success of the organization.
PRIORITIZING CYBERSECURITY
Given the scale of these risks, corporate boards must prioritize cybersecurity. Securing critical infrastructure is no longer optional—it's a national security priority. Boards must ensure that robust cybersecurity measures are not only implemented but also continuously tested, updated, and aligned with the constantly evolving threat landscape. Failing to act leaves organizations open to substantial financial, operational, and reputational harm, making cybersecurity an essential part of their leadership duties.
As critical infrastructure becomes more interconnected, ensuring its security is essential to preserving the availability, integrity, and reliability of essential services. Collaboration among industry leaders, government entities, and cybersecurity experts is necessary to develop and implement strategies to protect these systems from growing threats. The need for coordinated action and strong security frameworks has never been more urgent.
Securing critical infrastructure isn't just about protecting business assets; it's about safeguarding our communities, ensuring the continuity of essential services, and protecting national security. As connected devices continue to be adopted, cybersecurity must remain a top priority, particularly within sectors that provide vital services. Corporate boards must make cybersecurity a central part of their strategy, ensuring it is prioritized to support the long-term resilience and viability of their organizations.
