This model collects information about cybersecurity related incidents and the reputational, legal, and financial impact they could potentially cause. Cybersecurity safeguards all types of data against theft and loss. Sensitive data, protected health information (PHI), personally identifiable information (PII), intellectual property, personal information, and government and business information systems are all included.

Chevron - Elements Webflow Library - BRIX Templates

Data Points to Consider

Cybersecurity Policies and Procedures

  • Existence, comprehensiveness, and enforcement of cybersecurity guidelines and protocols.
  • Alignment with industry best practices and regulatory requirements.

Incident Response and Preparedness

  • Plans and capabilities to respond to cybersecurity incidents.
  • Regular drills and testing to ensure readiness.

Investments in Cybersecurity Technology

  • Technologies and tools used to protect against cyber threats.
  • Ongoing investment in updating and improving cybersecurity infrastructure.

Third-party Assessments and Certifications

  • External evaluations or certifications regarding cybersecurity standards, providing an unbiased view of the company’s security posture.

Employee Training and Awareness

  • Programs to educate employees about cybersecurity risks and responsibilities.
  • Effectiveness of these programs in reducing human error-related breaches.

Supply Chain Cybersecurity

  • Cybersecurity practices within the supply chain, reflecting a comprehensive approach to cybersecurity across the business ecosystem.

Past Incidents and Responses

  • Historical data on cybersecurity breaches, if any, and how they were handled.
  • Lessons learned and improvements made following incidents.


Analyzing cybersecurity through the lens of ESG offers investors an insightful perspective into how a company manages one of the most critical aspects of modern business operations. This analysis is crucial for understanding the risks and opportunities related to cybersecurity and provides valuable insights into a company's overall governance and risk management capabilities. Robust cybersecurity practices can contribute to risk mitigation, make a company more appealing for acquisitions, and lead to long-term profitability. In a world where digital threats are evolving rapidly, such a focus on cybersecurity aligns with responsible and forward-thinking investment strategies.

Data in Context

What are we talking about when we're talking about Benchmarking? Let's be careful when we throw that word around.

All of our models are customizable.

Define your own requirements
Add you own measures
Adapt as you learn