White paper on: Cyber Resilience “ESG” Reporting
Over the last 20 years companies, including Swiss Re, have started to report on environmental, social and governance (ESG) issues and risks as part of their regular reporting practice. This trend was driven by public opinion, increasing stakeholder demands and regulatory requirements. There are many similarities between the movement of reporting on ESG and the rising calls for reporting on cyber resilience.
For most companies, demonstrating a level of cyber resilience is an important factor to ensure the generation (and maintenance) of sustainable earnings, but investors and the wider public currently do not have the transparency needed to assess the level of readiness of the majority of companies to confront cyber risk.
Despite the potential challenges and downsides, some form of external cyber resilience reporting (akin to ESG reporting) will inevitably be required of certain companies in the not-too-distant future. The trick will be in finding the right balance and formula to protect the disclosing company from exposing vulnerabilities to adverse actors while ensuring a greater level of transparency for investors and the public.
Because of this inevitability, as well as other good value-protecting and value-creating reasons, we suggest that the private sector think about this challenge proactively and formulate thoughtful and efficient solutions for specific industries well in advance of potentially vague, unreasonable or onerous requirements that may be mandated by regulators.