When I worked in the mining industry, my boss, the Regional Security Director had a saying, “security starts when community relations fail”. The idea wasn’t that security had to save the day when another function failed, but that in many businesses security isn’t front and centre in protecting the business or a stand-alone function, but that it must work alongside others to protect the business assets and that disruption in the community i.e. local environment, can have serious implications on the security, safety and wellbeing of the company and its employees.
This idea talks to the early ideas around the evolution of business concepts that have increased in prominence in recent years. Concepts that security professionals may too quickly dismiss as having no bearing on protection of assets, but one that security leaders should look to be part of.
“Who Cares Wins”
In 2004, Kofi Annan, then the UN Secretary, asked major financial institutions to partner with the UN and the International Finance Corporation in identifying ways to integrate environmental, social and governance concerns into capital markets – the resulting 2005 study, “Who Cares Wins”, marked the first use of the term Environmental, Social and Corporate Governance (ESG). The paper asserted that embedding ESG filters into investing would not only have a societal benefit but made good business sense as well.
These days, ESG is ubiquitous in business discussions.
“More and more investors are starting to understand that a company cannot be understood only through its financial performance. You need to take account of its ESG information to have a much better understanding of the company’s strategy as a whole,” observes Marie-Laure Schaufelberger, Head of Group ESG and Stewardship for the Pictet Group.
As companies around the world consider the importance of ESG, security’s role working alongside partners across the business is increasingly important. This is another opportunity for security professionals to demonstrate their value to the organisation.
The evolution of ESG
Over the last 20 years companies have started to report on ESG issues and risks as part of their regular reporting practice. This trend was driven by public opinion, increasing stakeholder demands and regulatory requirements.
However, the ideas behind ESG go back much further than this, starting in the 1980s initially as Environment, Health and Safety (EHS), before evolving first into Sustainability, then Corporate Social Responsibility (CSR) and now into ESG. The terms are used interchangeably by some as a catch-all for sustainable, socially conscious business practices, offering a recognised route for businesses to be more socially accountable. However, ESG is an evolution in the way businesses approach the data.
What is ESG?
An article from July 2020 by Aviva Investors called “The Evolution of ESG” noted that an increasing amount of data shows that companies adopting sustainable business practices and acting as good corporate citizens are rewarded by financial markets.
There is no exhaustive list of ESG concerns as these factors are often interlinked and it can be challenging to classify an ESG issue as only an environmental, social, or governance issue. ESG factors can often be measured (e.g. what the employee turnover for a company is), but it can be difficult to assign them a monetary value (e.g. what the cost of employee turnover for a company is).
Broadly speaking, examples of ESG concerns include:
Corporate citizenship means operating in ways that do not negatively affect the wider community, employees, consumers, or the environment. Ideally, the business would have a positive impact on them.
ESG and business
It should be clear to all that ESG is not going away. The increasing impacts of the climate crisis around the world, greater awareness of the need for business to be diverse and inclusive means that the importance of ESG will only grow.
However, ESG is essentially a methodology for managing risk. It offers a framework to assess how a company manages risks and opportunities that shifting markets and non-market conditions create. And it is this that should be of interest to security leaders.
Security and ESG = Management of risk
Security risks to the business are rarely stand-alone, they are a combination of factors, both threats and opportunities and changing environments combining to create uncertainty. Climate change is described as a threat multiplier in that it intersects with other factors to contribute to security problems. However, the same can be said with regards to other ESG risks as the links to security are many.
Areas with increased poverty generally have higher rates of crime; companies that suffer negative publicity around business practices are at great risk of protests, unrest and activist investors; companies causing environmental impacts face greater threats from sabotage, crime, disruption and protests. Companies with poor ESG performance (physical rather than financial metrics) face a variety of threats linked to this performance.
As such, security needs to understand ESG challenges that companies are facing to be aware of threats. Security professionals need to be aware of the ESG climate to identify opportunities to support the business.
As one example, communities can be a major threat to a business operation, but this is typically when relationships with communities have been mishandled, because communities are business stakeholders and can be the greatest asset to the safety and security of an organisation. Security professionals who engage with the local community can develop information networks, can understand threats, can evaluate local sentiment. Working with business partners can make these relationships particularly positive. Similarly, relationships within the business can help security leaders identify ESG related threats that could impact the business.
The health and safety, environment and sustainability practitioners may make strange bedfellows for many security professionals, but these are key business stakeholders in understanding the ESG risks and together their impact on protecting the assets of the organisation can be significant. It’s time for security leaders to embrace ESG and their role in it.
By James Morris, Head of Security Services, EMEA at Aon
You can connect with James here