Artificial intelligence (AI) “is the science and engineering of making intelligent machines, especially intelligent computer programs. It is related to the similar task of using computers to understand human intelligence, but AI does not have to confine itself to methods that are biologically observable.”1 At its simplest form, AI combines computer science and robust datasets to enable problem solving, also encompassing machine learning and deep learning—subsets that are commonly mentioned in conjunction with AI.² The sectors most impacted are information technology, consumer discretionary, financials and communication services.³ 

How does this relate to environmental, social and governance (ESG) investing?

As the digital spaces continue to evolve, cybersecurity is increasingly a risk for broadening groups of stakeholders. Cybersecurity has transformed from a technological risk to a key metric for the social pillar, under ESG factors.³ Companies are subject to an increasing amount of cyber-attacks and social engineering threats, which puts customers’ information and companies’ reputations at risk.⁴ Cybersecurity issues also have a material impact on the broader industry and may increase costs to protect data.

Cybersecurity has become a worldwide social concern, and it’s important to consider the region in which a firm operates as an important factor of cybersecurity risk. According to Next Peak, China has a strong national cyber strategy and established cyber emergency response team. However, China topped the index for state cyber threat risk, due to weak cybercrime laws and alleged hacking activities. On the other hand, the U.S. has strong cyber capabilities supported by government. However, the U.S. remains a prime target for cybercrime, based on Next Peak’s analysis.

The MSCI ACWI IMI Global Cyber Security Index shows that cybersecurity matters as an ESG concern. The index aims to represent companies that could potentially benefit from increased investment in firms that provide support and protection against cyber attacks. Though it underperformed the information technology index for most of 2020, the index outperformed the benchmark— showing a viable investment signal in this growing space.

What has changed?

As the digital economy continues to gain traction, cybersecurity is no longer just a software industry concern. It is becoming a major topic for management and investors, with a broader demographic increasingly more concerned with the social and technological implications of cybersecurity.³

The average total cost of a data breach has reached $4 million, growing the industry of protection. Core security spending reached $68 billion in 2020.³

Years of work on AI recently came to fruition with the release of new generative AI systems (generative meaning that this type of AI creates something that didn’t previously exist). New open-source tools have capabilities to produce very human-like responses and creations.⁵

These breakthroughs in AI, though revolutionary, open new possibilities for cybersecurity risk. With global cybersecurity threats growing 38% in 2022⁶, the increase in AI advancements may impact cybersecurity growth in companies. It is critical that leaders act accordingly to these growing threats and may call for government oversight to ensure AI usage doesn’t become detrimental to cybersecurity efforts.

Three main risks⁷

AI-generated phishing scams

Many phishing scams are easily recognized—they often lack proper grammar, spelling and use awkward phrasing. However, new open-source AI chatbots may create an opportunity for more sophisticated phishing scams with the new ability to converse seamlessly in many languages. Fortunately, detector technology for these chatbots exists and firms can integrate this tool into their IT infrastructure.

More accessible code for malicious intent

AI chatbots are becoming more proficient at generating code that can be manipulated into malicious actions such as hacking. On the flip side, firms are also equipped with these tools to prevent threats, and with proper employee training, AI chatbots can be used as a powerful tool to prevent cybersecurity threats.

Regulating AI usage and capabilities

If popular chatbot tools with millions of users were to be hacked, this poses a major risk of the dissemination of misinformation. Enhanced government oversight may be necessary to prevent this potentially large scale risk. Additional data security regulations have been introduced globally to enhance the protection of personal information, reshaping corporate behavior toward data usage and security. In May 2018, the General Data Privacy Regulation in Europe (EU GDPR) was introduced and in June 2018, the California Consumer Privacy Act (CCPA) was passed. Growing compliance requirements will likely drive corporate spending higher and may lead to financial losses if companies commit misconduct.³

AI has enormous potential to add business value and contribute to society, however there are also potential social risks that it may have on society. When incorporating ESG factors into investment decisions, it is important for investors to consider cybersecurity as a social risk that is increasingly impacting a firm’s bottom line through financial and reputational risks.