In data privacy and security, we might have a “forest for the trees” moment right now. And they may not be the trees we expected. By now, you are familiar with the term ESG (Environmental, Social, and Governance). Although the term itself can induce political and social tensions today, it is a shorthand for a basket of intangible aspects of a business that, through the reactions of shareholders, employees, and customers, can affect the bottom line or even enterprise viability. The terminology is new; the underlying concepts of internal and external perception go back to the 1960s, if not much earlier. The danger of this new name lies in divisive cultural issues relating to “E” and “S” overwhelming “G”—governance, an uncontroversial concept crucial to businesses handling personal data.
First, data links the use of some form of ESG to positive impacts on an organization’s bottom line. It has been reported that between 2014 and 2018, organizations in the S&P 500 that ranked in the top 20% for ESG adoption surpassed those in the bottom 20% for ESG adoption—by upwards of 25% in profitability; resulting in more stable stock prices overall as compared to their counterparts in the bottom 20% of ESG metrics. This is not specific to the content of ESG programs; these numbers examine the existence of a program. Bloomberg reported that over $50 trillion in investments in 2025 will be channeled according to some type of ESG criteria.
Second, “G” plays an outsize role in corporate crises related to ESG management (or lack thereof). G covers the gamut of internal organization, operating policies, and controls, where failures can have big consequences:
- A successful bank whose public statements sparked fear about its financial management had a run and went out of business.
- At a popular online service, a change in ownership, coupled with a major internal reorganization, was followed by an employee walkout. Subsequent changes in user-facing policies were met by a customer walkout. All of this fed a $29 billion valuation adjustment and 40% less advertising revenue.
- Perceived lack of controls in emissions/efficiency testing and questions about engine control software integrity have caused quite a few headaches for auto companies—in regulatory inquiries/action and consumer class actions.
Throwing the governance baby out with the ESG bathwater (due to ideological disagreements over emissions, LGBTQIA+ issues, or other politically charged E and S issues) could cause these types of problems for many businesses. In addition to direct financial and operational effects, G is the thing that “underpins the ability of a company to achieve its environmental and social goals.”
Finally, in data-heavy or data-sensitive industries, governance is extremely important because it affects perceived trustworthiness. Security incidents can erode public perception of a company—and stock price, profitability, and viability. A study by Comparitech, examining large data breaches (1m records or more) revealed that data breaches have a long-term depressive effect on stock prices. Bitglass’s study found that for public companies, the average drop was 7.5% and took 46 days on average to recover. Equifax saw shares drop more than 30% after announcing its now-infamous data breach. Although stock frequently bounces back over time, short-term risks can include shareholder revolts. And even at smaller companies, perceptions of carelessness with data can lead to serious impacts on customers—and at a minimum, embarrassment. LastPass suffered this when it failed to protect password vaults—arguably, its “one job.” Almost all data breaches implicate the policies and controls in organizations: what is collected, who can see it, what is done with it, how it is kept, how long it is kept, etc.
For businesses today, ESG is not optional; it’s a must-have. And even companies cannot come to grips with stances on various environmental or social issues, they can still focus on the uncontroversial governance aspect.
- ESG has been in practice for over 60 years; the controversy around the term is new. But ESG delivers the goods in terms of investment, if not also sales and sustainability.
- Investors and customers—if not also employees—look at ESG factors in investing or staying with a company.
- For businesses, and especially data-centric ones, embracing ESG is just smart business. As H. G. Wells said, “Adapt or perish, now as ever, is nature’s inexorable imperative.”