This first appeared on Forbs Middle East
Cybersecurity is evolving into a key enabler of global sustainability. As digital infrastructure expands, the sector tackles energy use, ethical governance, and inclusive workforce development.
By dismantling energy-wasting cybercrime, adopting renewables, reducing hardware waste, and investing in diverse talent, cybersecurity is now driving progress on climate, equity, and innovation.
A top example would be the global cybersecurity firm Group-IB. In 2024, the company supported law enforcement in disabling over 207,000 infected devices, preventing cybercriminals from using them. These efforts led to 1,221 arrests, protected 65 million people from fraud, and helped prevent over $2.7 billion in financial losses.
Disabling botnets
Disabling malicious botnet networks has tangible environmental benefits. The reduced energy use from shutting down these operations saved an estimated 22.4 million kWh, preventing 10,000 metric tons of CO₂ emissions—the equivalent of the carbon absorbed by 48,000 tree seedlings grown over a decade.
“In the case of botnets, we are dealing with millions of hijacked computers, servers, and Internet of Things (IoT) devices carrying out malicious activities such as spam campaigns, distributed denial of service (DDoS) attacks, and cryptocurrency mining,” Anastasiia Komissarova, Group-IB deputy CEO, told Forbes Middle East. “These devices are forced to operate under higher CPU loads than normal, often running continuously without rest.”
Komissarova explained that while a typical personal computer may be in use for only eight to ten hours a day, an infected machine could be exploited around the clock. “This sustained high load significantly increases electricity consumption,” she said. “By disabling botnets, infected devices can return to their normal low-energy idle states, drastically cutting unnecessary power usage.”
At a global scale, millions of compromised devices waste massive amounts of electricity, contributing to avoidable carbon emissions. “By combating cybercrime, we can significantly reduce unnecessary energy consumption and prevent additional carbon emissions,” Komissarova added.
Shujaat Mirza, AI security researcher at New York University (NYU), echoed Komissarova’s sentiment, adding that botnets, DDoS, and unauthorized crypto mining (crypto jacking) lead to loss of electricity and power resources.
Ransomware and malware force companies to adopt multiple backups, leading to further redundancy in operations and an increase in energy waste and carbon emissions, he added.
Deeply intertwined
Samer Omar, PwC Middle East Cybersecurity & Digital Trust Leader, told Forbes Middle East that cybersecurity and sustainability are no longer separate priorities but are deeply interconnected.
“As organizations digitize their operations and scale through cloud, artificial intelligence (AI), and IoT, they also expand their attack surface,” Omar said. “A single breach can compromise not only data but also critical infrastructure, supply chains, and public services—disrupting business continuity, environmental protections, and societal trust.”
Omar added that stakeholders have a vested interest in this connection, as sustainable growth relies on resilient and secure digital infrastructure.
The systems underpinning environmental, social, and governance (ESG) efforts—whether smart grids, digital health platforms, or carbon tracking tools—must be secure to be trusted. In the modern economy, digital infrastructure forms the backbone of nearly every business and service. Vulnerabilities to cyberattacks or instability can disrupt operations, damage reputations, and inflict both financial and environmental harm.
“In today’s world, digital trust is the currency of confidence,” Omar said. “When we secure healthcare systems, power grids, financial platforms, or carbon reporting infrastructure, we’re not just protecting bytes; we’re safeguarding lives, livelihoods, and future generations.”
Komissarova said cybersecurity should be viewed as a catalyst for sustainability rather than a cost center. She noted that many organizations still treat it as a box-ticking exercise—an obligatory expense rather than a strategic priority. This mindset, she explained, often results in costly losses and lasting reputational damage. If more companies recognized cybersecurity as a core business enabler that strengthens their ability to achieve their mission, the overall level of global digital safety would rise significantly.
Integrating cybersecurity into ESG frameworks
Omar explained that broader ESG frameworks encourage organizations to address social and governance matters alongside environmental priorities, noting that cybersecurity plays a key role in supporting sustainability across all ESG pillars.
Komissarova emphasized that cybersecurity should be viewed as a business enabler rather than merely a cost, and that educating leadership and boards is essential to elevating its importance on the corporate agenda.
Incorporating metrics such as breach frequency and incident response readiness into ESG frameworks, she added, demonstrates tangible progress toward sustainable and secure operations.
Widening cybersecurity gaps
The disparity between small and large organizations is becoming more pronounced. Around 35% of small organizations now consider their cyber resilience inadequate—a sevenfold increase since 2022, according to the World Economic Forum’s Global Cybersecurity Outlook 2025.
Larger organizations, on the other hand, have made progress, with fewer reporting insufficient preparedness.
The public sector is struggling more than private firms, with 38% reporting inadequate cyber resilience compared to just 10% in the private sector. Moreover, 49% of public-sector organizations say they lack qualified cybersecurity talent, marking a 33% increase from 2024, added the report.
Supply chain risks remain the dominant challenge for 54% of large firms, with complexity emerging as the biggest obstacle to cyber resilience. Common issues include limited visibility into third-party cybersecurity standards, vulnerabilities introduced by external software, and the potential for attacks to spread across interconnected ecosystems.
Rising geopolitical tensions have also had an impact, with nearly 60% of organizations stating that such developments have influenced their cybersecurity strategies.
Tracking ESG progress
From a cybersecurity and ESG perspective, Omar suggested that relevant key performance indicators might include the percentage of critical infrastructure covered by resilience assessments, the reduction in system downtime and related emissions following incidents, and the alignment of cybersecurity operations with green IT standards such as energy efficiency in data centers.
Other important measures include the frequency and severity of ESG-related cyber incidents—such as attacks on smart grids or health systems—data breaches, compliance with data protection regulations, and the inclusion of cyber risk disclosures in ESG reports and sustainability indices.
Omar also flagged that transparency is becoming increasingly important as investors, regulators, and other stakeholders demand it. Organizations will need to embed cyber metrics into ESG reporting frameworks like GRI, SASB, or CSRD, making digital trust a visible and measurable part of their sustainability journey, he advised.
For Group-IB, Komissarova said the company’s recently released Sustainability Report tracks ESG progress using clear metrics: energy use, emissions, and cybercrime prevention for the environmental pillar; diversity, training, and hiring for the social pillar; and ethics, anti-corruption, and product responsibility for governance. This approach directly ties cybersecurity to measurable sustainability outcomes.
