Cybersecurity Management in ESG Ratings

2023 EthiFinance Barometer of European Compagnies


Main take-aways from our report:

1. On average, cybersecurity management across European companies has steadily and strongly increased over the past three years.

2. Austrian companies receive the highest average cybersecurity score, followed closely by the Dutch, Irish and French firms. Countries with the lowest average scores are Norway and Sweden.

3. European companies are increasingly including cyber risks into their operational risk management. This is the case above all for large firms and to a lesser extent for smaller companies.

4. The ISO 27000 certification is widely used in most European countries, except for France, where only one third of companies were certified in 2023. Real Estate companies show a particularly low certification rate as opposed to organisations from other sectors.

5. While cybersecurity training for employees is key for protection organisations from IT system intrusion, is not a topic that many companies report on and the proportion of companies with fully trained staff is only half of those providing the information.

Download the report.