Rutherford Blog

Meera Nair
8 days ago by Meera Nair
Esg Climate Change Financial Services

​Climate Change and Cyber Security: What to Expect in Financial Services

Climate Change and Asset Management

Environmental, social, and governance (ESG) factors are not a new concept, but it is one that has been gaining more and more traction in recent years. For companies within the financial services industry there is an increasing pressure for some sort of ESG disclosure as this is becoming a growing concern from not just the public and investors, but also the state. This has led to a significant increase in ESG oriented regulations here in the UK and further afield.

It will come as no surprise that asset management firms can face physical or transactional risks as a consequence of climate change. Firstly, physical risks can occur through a singular event (e.g., flooding) or because of the long-term effects of climate change. Damage like this could put client portfolios at risk, therefore asset managers have to ensure there are contingencies in place that would continue to protect investments irrespective of climate risk. In addition to this, due to the transition to more sustainable practices, firms are undergoing various changes, from their culture to their conduct. One key risk that has to be considered is the technological risk that could arise from making ESG changes. To operate more sustainably, firms will have to invest in new technologies, perhaps slowing down profitability in the short-term. For asset managers there is a responsibility to monitor the effects of any technological or operational transitions.

ESG considerations are forcibly transforming corporate strategies and these changes have now become a permanent feature across the financial services sector. Naturally, neither internal nor external pressures can create change if stakeholders do not see the financial value of making ESG changes. The data around this is irrefutable – companies that introduce sustainable principles are set for strong financial performance in the long-term. Some links between ESG and financial performance are as follows:

  • Value creation

  • Reduced costs

  • Increased productivity

  • Increased demand

For buy side firms, regardless of the positive outcomes of the ESG agenda, there are challenges that lie with incorporating ESG standards into their current risk management framework. Whilst some aspects of ESG may already exist within certain frameworks, firms have to ensure that ESG is considered in all risk frameworks. Furthermore, they also have to consider how ESG will alter current products and services on the market. To make a smooth change and effectively address ESG risks, senior management should take collective responsibility in encouraging this change and setting a tone that will transform the culture around sustainable business operations.

Is Climate Change Intertwined With Cyber Threats?

Two very real major threats that are expected to only accelerate in the future are climate change and cyber incidents. A common characteristic between the two: redundant infrastructure, whereby systems and services are no longer equipped to meet the changing demands of these threats. Furthermore, there is no accountability for both issues. It is difficult to pinpoint who should be accountable for climate change as everyone plays a part. Similarly, we all have access to the cyber space, and it is incredibly difficult to find perpetrators of cyber-attacks. The key challenge here is how do individuals and businesses find ways to take collective ownership so that we can reduce our impact on the environment before environmentally friendly advocates find common ground in malicious cyber action?

More often than not, the links between climate change and cyber security risk may not necessarily be associated with one another and are instead viewed as two separate issues. However, the effects of climate change not only impact the physical world but also the digital one. Forming parallels with the two threats and finding the connections may help businesses create strategies and implement plans and recovery programmes that could help mitigate the disruptions caused by both threats.

It’s no secret that infrastructure is becoming more and more susceptible to cyber-attacks, more specifically critical infrastructure. Earlier this year, America was thrown into a state of emergency as a hacker group carried out a ransomware attack on the computer systems that manage the Colonial Pipeline, forcing the company to shut down its distribution pipeline and reportedly pay $4.4 million in ransom. The economic impact of the hack has yet to be calculated but it can be assumed that company suffered a large revenue loss. Another similar and very significant cyber catastrophe was the SolarWinds breach, which cost $90,000,000 in losses, highlighting that digital infrastructure is also vulnerable to cyber-attacks. For asset management firms this affects them directly as many firms rely on companies like SolarWinds to manage their IT infrastructure. Critical infrastructure within the energy sector may be more vulnerable to climate change risks but the heavy reliance on cyber to run and maintain such infrastructure also leaves it vulnerable to cyber criminals.

Globally, we are seeing more and more disasters, from floods to fires, highlighting the severity of climate change and the impact that it has on individuals, communities, and businesses. For corporations, climate change strategies should be at the forefront of their business models as physical damage to infrastructure can create opportunities for cyber criminals to hack company data.

In regards to the financial services industry, cyber-attacks are on the rise and will continue this way as technology dependence continues to increase. More often than not we hear about data breaches caused by malwares, hackers or inside threats with either money or politics being the main motivation for such attacks. Reports suggest that the FS industry spends around 6% to 14% of the IT budget on cyber security alone to prepare and mitigate for such incidents.

One of the ways businesses could increase readiness for such damage is to ensure that senior management and IT teams are working together to include climate change risks in security plans. For example, if there is a power outage caused by extreme weather not only does this compromise security but also affects business continuity. Planning ahead for such damage will reduce the financial and social burden of climate disasters and cybercrimes.

In order to integrate climate risk into frameworks, asset managers first have to prioritise a shift in culture and acknowledge that a change in behaviour has to be operative throughout the whole firm from the boards all the way down to the stakeholders. Making smarter and more sustainable investment decisions, such as channelling capital to the renewable energy sector, and moving away from investments in traditional resources like oil, provides an opportunity for long term financial gain as the sector is rapidly growing. Done correctly, this also reduces the threat from environmental protestors.

The Threat of Malicious Actors

The threat of climate change has seen an increasing rate in climate change activism, from protests to campaigns collaborating with one another to actively create changes in public attitudes and push for policy reforms related to the environment.

As we see cutting-edge technology changing the threat environment and a growth in business online presence, there has also been a surge in online activism. Hacking now transcends beyond antisocial criminal behaviour, as the gap between the online and offline world gets smaller and smaller, hackers are carrying out attacks to support meaningful causes. Hacktivism is quickly becoming a weapon that garners greater media and political attention than the average protest as the consequences have a deeper impact. For example, just over 10 years ago the EU carbon trading website became a target of a cyber-attack as anti-carbon hacktivists hijacked the website to protest that carbon trading was a dangerous and ineffective solution to the climate crisis.

A recent report from the IPCC provides clarity on climate change and can be used as a guide for asset management firms to understand how they can become more climate resilient. It is clear that the damage from climate change cannot be undone but human impact can be reduced. The investment industry have to make urgent changes by collaborating with one another and working towards achieving net zero carbon emissions. Regulatory reforms are already being made as it is clear that targeting policy makers guarantees that the changes made will be large scale. ESG regulations allow for transparency and reduce green washing, resulting in a significant increase in sustainable investments. Although a greater number of corporations are stating their commitment to tackling the crisis, it can be questionable if they are actively following through and if so whether or not enough is being done. From a cyber security perspective, could lack of action put asset management firms at risk of becoming targets from so called hacktivists as seen with the EU carbon trading site?

Overall, firms and investors have a moral duty to act through re-engineering, better management, and smarter sustainable investments. Asset managers have the ability to engage with investors, play a role in capital allocation, and finally act as a channel between the market and investors interests on climate change. Due to the role they play in the economy, naturally there is a responsibility on them to manage processes on sustainability. In the long-term asset management firms will be presented with investment opportunities and improved public relations all whilst making positive contributions to the environment and reducing their investment and operational risk exposure.


Octavian Donnelly is the Change & Transformation Lead - Risk and Operations at Rutherford, the executive specialists in compliance, legal, financial crime and change and transformation recruitment.
Contact us for a confidential search, send us an email at or see our latest vacancies.