Cyber Security & Insurance Increasing Through the ESG Lens

    Cyber security has long been seen as an IT issue but today’s booming digital economy means this is no longer the case.

    Whether it’s the rise of home working, the acceleration of digitalization, or the far-reaching effects of events such as the ransomware attack on the Colonial Pipeline in the US, the potential and actual vulnerabilities exposed by cyber incidents have become all too apparent, ensuring a far broader demographic is increasingly concerned with cyber security’s social impact, including company management, global investors and stakeholders with potential exposure to customers’ private information.

    Indeed, cyber security resilience is now regarded as the major ESG risk topic for many companies, according to the majority of respondents in the Allianz Risk Barometer (58%) (see Cyber Risk & Ransomware Trends).

    Figure: Which ESG risk trends are of most concern to your company?
    Source: Allianz Global Corporate & Specialty. Figures represent the percentage of answers of all participants who responded (2,650). Figures do not add up to 100% as up to three risks could be selected.

    This is driven by factors such as the growth and severity of cyber-attacks, and the introduction, and increase, of data security regulations to enhance the protection of personal information around the world.

    Given companies can be fined and/or suffer reputational damage if they do not adequately protect their information/networks, there is growing acknowledgment of the need to build resilience and plan for future outages or face the consequences from regulators, investors and other stakeholders.

    In the past, it was mainly technology companies that were assessed on cyber security resilience, but these days, businesses across a range of sectors are subject to such scrutiny.

    ESG risk-analysis frameworks of data providers

    Increasingly, cyber security considerations are incorporated into the ESG risk-analysis frameworks of data providers, who look into companies’ data protection and information security practices to evaluate their preparedness for cyber crime, while investors typically examine data protection and information security policies to assess a firm’s cyber security risks (see How Insurers Can Embed ESG into Finance?).

    Making sure a company’s cyber security processes and policies are understood at the board level and that cyber risk monitoring processes are in place is crucial.

    One of the main complaints from the investment community has been around transparency – it is hard to understand a company’s cyber risks and for various reasons companies have been slightly hesitant in the past to provide enough transparency. But the ones that do certainly see the benefit.

    Considering cyber security as an ESG metric is still a relatively new concept but continued and expanded interest in this area is to be anticipated.

    Companies that don’t recognize these changes and don’t integrate their ESG and cyber security strategies may discover that they have a lot more to deal with than just a cyber insurance claim in future (see Cybersecurity and the Cyber Insurance Market).

    Shortage of cyber security pros

    A shortage of cyber security professionals may be hindering efforts to improve cyber security, especially outside the technology sector.

    Demand for cyber security experts is growing at a time of constrained labor supply in the US and Europe.

    More and more companies are looking to employ cyber security specialists, but supply is not keeping up with demand.

    According to Cybersecurity Ventures, the number of unfilled cybersecurity jobs worldwide grew 350% between 2013 and 2021 to 3.5 million – enough to fill 50 large football stadiums (see Cybersecurity Insurance Market Size Forecast).

    Board awareness of cyber has accelerated security investment in recent years, but many companies struggle to get the IT professionals required to implement changes at the required pace and scale.

    Just 2-3 years ago there was a lack of awareness of cyber among top management, but that has changed dramatically with large supply chain cyber-attacks, and more recently with the changing threat landscape from the conflict in Ukraine.

    As a result, the C-Suite are more engaged with cyber risk and have stepped up investment.

    However, the problem is now one of talent. There is a global shortage of cyber security professionals, and many companies are experiencing problems hiring, which has affected the ability of some companies to make improvements to cyber security.

    FAQ

    Why has cyber security become a major ESG risk topic?

    Cyber security is now considered one of the most significant ESG (Environmental, Social, and Governance) risks due to the increasing frequency and severity of cyber-attacks, rising digitalization, remote work trends, and high-profile incidents such as ransomware attacks.

    How do cyber incidents impact a company’s social responsibility?

    Cyber incidents expose vulnerabilities that can compromise customers’ private information and disrupt operations. This creates broader social consequences, affecting stakeholders such as customers, employees, investors, and regulators. As a result, cyber security is increasingly viewed not just as a technical issue, but as a social responsibility and governance concern within ESG frameworks.

    Are only technology companies evaluated on cyber security resilience?

    No. While technology companies were previously the primary focus, today businesses across all sectors are evaluated on their cyber security preparedness. Investors and ESG data providers now assess companies’ data protection practices, information security policies, and resilience strategies regardless of industry.

    How is cyber security integrated into ESG risk analysis?

    Cyber security is increasingly incorporated into ESG risk-analysis frameworks. ESG data providers evaluate:
    Data protection policies
    Information security controls
    Cyber risk monitoring processes
    Board-level oversight
    Investors also assess transparency around cyber risk exposure and resilience planning when making investment decisions.

    Why is transparency around cyber risk important to investors?

    A common concern among investors is the lack of transparency regarding cyber risks. Without clear disclosure, it is difficult to assess a company’s exposure and preparedness.
    Companies that provide greater transparency tend to gain investor confidence and demonstrate stronger governance practices.

    What are the consequences of not integrating cyber security into ESG strategy?

    Companies that fail to align cyber security with ESG strategy may face:
    Regulatory penalties
    Reputational damage
    Loss of investor trust
    Operational disruption
    Increased insurance challenges
    Cyber risk is no longer just an IT issue – it is a board-level governance matter that can affect long-term corporate value.

    How does the shortage of cyber security professionals affect companies?

    There is a global shortage of cyber security professionals, making it difficult for companies to implement improvements quickly and effectively.

    AUTHORS: Jens Krickhahn – Practice Leader Cyber Insurance, Central and Eastern Europe at AGCS, Michael Daum – Global Head of Cyber Claims at AGCS
