ESG is the conscious effort by a business to assess the wider impact of its operations beyond its primary goal to generate a profit. Having an ESG policy may not lead to tangible rewards like discounts on services or a reduction in your insurance premium (yet), but the current push around the globe to create a more sustainable world for future generations is bringing these initiatives to the forefront, cyber sustainability is becoming a more integral part of the ESG framework than most realized it would. The reality is that businesses must consider investing in ESG, and digital resiliency is a great place to start.

You don’t need to be an expert on anything other than your own business to understand how to write an ESG policy. There are plenty of policy examples available on the internet, but it comes down to taking a critical look at your company to understand its impacts and asking yourself some key questions. There are many more, but here are some examples:


  • Does your business use any manufacturing processes that emit greenhouse gases that negatively impact climate change? Can you change these processes to reduce that impact? 
  • Do any of your vendors, suppliers, or customers use these processes? If so, can you push them to change or find alternative?


  • Does your company take a stance on political issues? 
  • Does your company support charities or provide opportunities for volunteer work to support its community? 
  • Does management promote a healthy corporate culture for its employees?


  • Does management hold the best interests of the company and its employees, suppliers, and customers? 
  • Is your company honest regarding its financial reporting? 
  • Does your company pay both management and its employees a fair wage?

A real consequence of not having advanced ESG policies and procedures is that your company may be vulnerable to being excluded from doing business with third party vendors or suppliers. It is becoming more and more common for larger corporations like Amazon, Walmart, eBay, and countless others to implement rigorous third-party vendor or supplier management protocols to ensure that the goals of the companies that they work with are aligned with their own. The inability to meet the baseline criteria, such as having a diverse workforce or certificate of insurance, can preclude you from doing business with them. There are also significant cyber risks in ESG, as ignoring it could leave your business exposed to hacktivists and cyber terrorists who aim their attacks against businesses who do not share their beliefs. Recently, a power plant was targeted because they were building a new coal facility to perpetuate its utilization of fossil fuels as opposed to transitioning to renewables like solar or wind, and hacktivism efforts in Russia by those opposed to the war in Ukraine have been widely reported.

ESG is important for any organization on this earth that is focused on long term planning and continuity of both their company and the planet, however, due to the high cost of establishing a comprehensive ESG program or the difficulty in specifically targeting deficiencies, companies have lagged behind in meeting the standards of today. Cyber security is closely intertwined with the ESG framework, and having the appropriate insurance becomes a very important tool in the battle against hacktivists and cyber terrorists, but making sure that you have digital risk resiliency should be your first step.  Start today by signing up for our FREE cyber risk assessment to gain a better understanding of your company’s risk posture.