2022 began with successful ransomware attacks against global IT and digital transformation providers, no thanks to the notorious LAPSUS$ ransomware gang. Discussion of ransomware's impact has mostly centered on affected organizations, and rightly so, as victimized organizations usually suffer significant disruption to their operations. In 2021, the US Federal Bureau of Investigation received 3,729 complaints identified as ransomware. Recently, a company closed all of its 175 stores in Denmark due to a ransomware attack. Globally, 81% of organizations are highly concerned about ransomware attacks.

A recent Sophos report showed that “66% of organizations were hit by ransomware in the last year, a 78% increase over the previous year”. 90% of these organizations suffered operational disruption, and 86% lost business and revenue. In the first half of 2022, ransomware variants nearly doubled compared with the second half of 2021. The popularization of Ransomware-as-a-Service (RaaS) and the willingness of affected organizations to pay are among the drivers of increased ransomware attacks.

There has been limited focus on the social implications of ransomware. However, this limitation is giving way to increased scrutiny of the way organizations handle environmental, social, and governance (ESG) issues. ESG involves incorporating environmental and social policies and practices in corporate decisions and processes to identify and mitigate risk factors that could jeopardize an organization’s ability to remain operational and sustainable. Investors are not the only ones interested in ESG risk indicators prior to making investment decisions; some governments are demanding that organizations make ESG disclosures. The US ESG Disclosure Simplification Act of 2021 empowers the Securities and Exchange Commission to establish standards for ESG disclosure. The European Union has also established ESG disclosure requirements that asset managers must adhere to in their reporting.

Ransomware as an ESG Scope

Ransomware and other cyber threats constitute environmental, social and governance (Read more...)