Good article on cyber security and ESG. Cyber security viewed here within the Governance aspect -- as part of PRIs assessment to better understand how companies are demonstrating preparedness and addressing cyber-related risks, using governance as a proxy for resilience.
Article also references Nasdaq is using cyber security under the social component of its own ESG framework.
"We can think of cyber resilience as what ESG was like about 15‒20 years ago: a topic that was developing but still incipient in terms of being on the corporate and regulatory radar as an important financial factor that could be gauged through meaningful metrics by both external and internal stakeholders. Cyber is getting there faster because of its challenging, threatening, and potentially existential nature"