1. Home
  2. Environment, Social, Governance
  3. Corporate Governance

COVID-19 cyber and ESG implications for corporates

Thinking of the immediate challenges that the COVID-19 pandemic is causing treasurers, issues such as securing liquidity, retaining some visibility over cash flows, and minimising supply chain disruption come to mind. However, there are other issues caused by the crisis in the pipeline for corporates. A number of these, particularly in the areas of cyber and ESG, impact the employees of companies and have wider implications for the business as a whole.

A spike in cyber threats

DSA Connect, an IT company that specialises in the permanent deletion and destruction of electronic data, has said that it expects a huge increase in data breaches of UK organisations as a result of the fall-out from the COVID-19 crisis. This could add millions of pounds to the losses incurred by employers from the virus, but the true cost could take some time to unfold after the worst of the crisis is over, as many data breaches can take 100 days or more to be discovered.

The company says the increase in data breaches will be fuelled by a dramatic rise in phishing websites - up 350% since the Coronavirus outbreak started (between January to March 2020), and depleted workforces and employees having to work from home where they are more susceptible to cyber attacks. In part, this is due to employees visiting websites while working from home that they wouldn’t normally do from the workplace.  They will also find it harder to prove the identity of people contacting them from external organisations.

“Face-to-face business meetings have been replaced by telephone or video calls, and because of this employees are at greater risk of fraudsters ‘spear phishing’, which is the fraudulent practice of sending emails ostensibly from a known or trusted sender in order to encourage targeted individuals to reveal confidential information, or ‘whaling’ frauds, which are phishing attacks directed specifically at senior executives,” said Harry Benham, chairman of DSA Connect. “In the wake of Coronavirus and with more people working from home, fraudsters have stepped up their targeting of companies and their employees, and this dramatically increases the chances of data breaches.” 

Many fraudsters, or ‘bad actors’, are using COVID-19 as a hook to enhance their cyber- attack strategies.  DSA Connect’s analysis has revealed that the number of COVID-19 specific fraud reports registered with the UK’s National Economic Crime Centre in March was 277% higher than for the six weeks to 18 March.  Last month, COVID-19 accounted from around one in 20 frauds registered with the Centre.

The workforce impact

The COVID-19 crisis has also underlined why employee health is a pressing sustainability issue. The way that businesses are responding to the pandemic can either alleviate or exacerbate its impact – on employees, their families, and the communities in which they operate. This is according to a new paper written by Piya Baptista, program implementation manager at Global Reporting Initiative (GRI), the sustainability impact firm.

Baptista uses paid sick leave as an example. A recent article in the New York Times highlighted that companies that do not provide paid sick leave are endangering their workers and customers. This is particularly significant in the current climate. In the US, almost one in four workers do not receive sick pay.  Affordable and accessible health insurance is another critical need for the nearly 30 million uninsured Americans - most of whom are low-income families.

Low wages, meanwhile, are associated with poor health outcomes for workers and their families, including limiting access insurance and healthcare services. Often it is these low-income households that are employed in the roles deemed essential during the pandemic - such as those in grocery stores, warehouses and manufacturing. I

Baptista writes that the GRI Standards - developed through a multi-stakeholder process that includes the private sector - call for companies to disclose employment benefits such as paid sick leave, healthcare and pay practices in relation to minimum wage. Being transparent about their track record in issues such as these means a company is publicly accountable to its stakeholders - investors, employees, consumers, governments and others - and encourages action that leads to improvement. This process involves taking a hard look at business impacts and making decisions that create long-term value for the company, its employees, and the wider world.

The COVID-19 pandemic demonstrates that businesses cannot take a backseat when it comes to the health of employees, Baptista says. It’s not enough to cherry pick easy solutions in isolation, it’s time for companies to take a holistic and progressive view of health and wellbeing. The GRI supports and endorses the Culture of Health for Business Framework, developed in 2019 by a group of companies, nonprofits and academia with support from the Robert Wood Johnson Foundation (RWJF).

This framework identifies 16 smart business practices that cut across a wide range of environmental, social, and governance (ESG) issues, to help businesses build and promote a healthy working environment and manage impacts on population health through their operations, advocacy, marketing, and philanthropy. As a set, these practices offer companies a strategic framework to set goals and invest in long-term value-creation; individually they can enable companies to take targeted and customised action. By using the GRI Standards to map progress against this framework, Baptista says that companies can begin to gauge whether their actions are helpful or harmful. These issues are broad in scope, ranging from occupational health and safety to non-discrimination or environmental impacts.

Understandably, the pandemic has brought a renewed and urgent focus on the role companies play in supporting population health.  Recognising health and wellbeing as an ESG issue, and increasing and enhancing disclosure, is a crucial step and a leadership opportunity for corporations to recognise their responsibilities and take action as a result, Baptista concludes.


Like this item? Get our Weekly Update newsletter. Subscribe today

Also see

Add a comment

New comment submissions are moderated.