Sustainalytics Insight: Nearly Three in Ten Utility Companies Globally Have Weak Cybersecurity Programs
As recently as 2022, nearly four in ten (38%) of 445 utility companies globally tracked by Morningstar Sustainalytics had weak cybersecurity management programs. And, while this figure did improve to nearly three in ten (27%) in 2023, Sustainalytics believes cybersecurity has become a major concern for utilities companies, according to new research on the downside of digital transformation for utilities.
Strength of Cybersecurity Management Programs in the Utilities Sector, 2022 vs. 2023
Ratih Pujiastuti – ESG Senior Research Analyst, Utilities, Morningstar Sustainalytics:
“The growing adoption of digital technologies by utilities, while leading to significant customer benefits, unfortunately can expose the industry to cyberattacks affecting both physical and digital infrastructure. Such cybersecurity attacks, if successful, can disrupt a company’s operations and impact customer trust. These are material and growing ESG risks and how a company addresses them can make a major difference for investors.”
Morningstar Sustainalytics recently created a standalone material ESG issue (MEI) for utilities’ cybersecurity risk as a part of a series of significant enhancements to its flagship ESG Risk Ratings. Creating a standalone MEI for this material issue allows Sustainalytics to expand its cybersecurity coverage and offer deeper insights into companies’ ability to safeguard customer privacy and prevent and respond to cyberattacks in critical infrastructure and operations.
To speak in more detail with Ratih, reach out to Tim Benedict at [email protected] or (203) 339-1912.