On June 22, 2022, the Center for Long-Term Cybersecurity (CLTC) hosted the virtual workshop, “Sustainability Reporting on Digital Harm: State of Play and Future Agenda.” The event explored the role of digital security in corporate social responsibility and communication.
The workshop builds on CLTC research that examines “digital harm,” a concept that different communities use to signal unwanted outcomes in our global information technology system. Examples of digital harm include data breaches, consumer privacy violations, discrimination perpetuated by AI systems, improper data collection, and hate speech. Digital harm underpins how society judges business conduct as acceptable or not, by helping citizens and groups express views about how firms should approach data management, cybersecurity, freedom of expression, targeted advertising, and other practices and values shaped by business uses of the internet.
Workshop participants met to discuss how to improve corporate communication about digital harm in a rapidly changing area of disclosure known as “sustainability reporting,” which is closely related to ESG and corporate responsibility reporting. Just as companies are called upon to report their practices for environmental sustainability, human rights, labor, and other domains, many are also starting to report on digital harms. The stakes of these forms of reporting are high: they affect the array of information that people use to make choices about how to interact with a business, whether as a customer, employee, investor, regulator, or concerned private citizen.
CLTC’s event brought together a diverse group of subject-matter experts from business, academia, civil society, and social enterprise. Contributors offered perspectives on the state of play in the global reporting landscape, and explored how to develop criteria to assess the effectiveness of novel approaches for reporting on digital harm. They also generated a forward-looking agenda for research and collaboration.
The workshop was organized into three parts: “Where have we been?”, “Where are we going?”, and “Designing for the future.” The first two parts opened with provocations from guest speakers, followed by group discussion. The third part began with a breakout exercise using scenario thinking to imagine first steps toward design of new guardrails to guide business disclosures related to digital harm in sustainability and similar reports. Many insights emerged from the discussion, some of which are summarized below.
Insight 1: Harm prevention is too narrow a frame as reporting shifts to emphasize positive impact.
Although some of the impetus for sustainability and ESG reporting has been to uncover ethical failures that create negative externalities and/or financial risk, there has been a rise in fresh approaches that provide information about corporate philanthropy and social impact that seek to solve societal challenges. Attempts to report the good with the bad have emerged, signaling a need for balanced transparency. Leading firms recognize that digital initiatives provide opportunities for positive social impact and reputation-building, even as digital harm may add reputational risk. Reporting organizations use a range of communication strategies for going beyond harm-related disclosure, such as mapping information to the United Nations Sustainable Development Goals and/or human rights instruments, describing the cybersecurity support they provide to customers or partners, detailing how employees are trained in cybersecurity and other areas, and reporting on community-based digital skills programs.
Insight 2: Socially responsible digital practices are difficult to quantify, presenting considerable hurdles for those who adhere to the mantra, “what gets measured matters.”
Users of sustainability reports have indicated a need for information that is more easily compared over time and across firms. Numerical data can help address the gap, but most digital harms and opportunities lack “natural attributes” that are countable or physically measurable. Further complicating the challenge, there are few widely accepted methods for linking potential or actual digital harms and opportunities to revenue streams or return on investment. Even if digital harms and opportunities cannot be quantified directly, proxy measures — such as amount of legal fines and settlements associated with user privacy or, in the context of online content moderation, the number of user impressions of content that was subsequently removed as a fraction of total number of content removals — could help establish incentives that drive decisions and behavior. For example, studies that compare proxies of firms’ digital responsibility to financial performance could begin to clarify incentives.
Insight 3: Investors, companies, civil society organizations, and think tanks recognize or are beginning to recognize that digital harms and digital opportunities are too important to be omitted or mishandled in sustainability reporting.
Business approaches to digital topics such as data privacy, information security, digital inclusion across population groups, and responsible marketing have emerged as “material” issues in sustainability reporting. Their “material” status refers to their relevance and fair representation of data for various audiences. However, when firms label certain issues as “material,” the precise reasons why and the specific target audience is not always clear because “material” has different meanings in different contexts, some of which are highly regulated (such as securities laws) and some of which are not (such as sustainability reporting, although regulatory coverage is expanding in many jurisdictions). While the increased treatment of digital topics as material concerns in corporate reporting suggests that audiences demand relevant information for their decision-making, further research is needed to clarify how disclosures on digital topics are judgment-useful to different groups, such as institutional investors, retail investors, regulators, and consumers.
Insight 4: Fostering alignment within the firm to incentivize disclosure is important, yet in many cases it remains immature.
Internal allies within an organization are critically important for teams whose primary area is corporate social responsibility, investor relations, sustainability, or ESG. Cross-team communication can reveal perceived barriers to improving sustainability reporting on digital topics — barriers such as B2B sales pressures, time-to-market milestones, or ingrained compliance mentalities. To strengthen prospects for internal alignment, communication strategies could include: making the case for first-mover benefits, generating proxy measures that link firm reputation to social performance for digital topics, examining implications for talent attraction and retention, and focusing on digital topics that resonate most with internal stakeholders in order to form allyships in the organization. Lessons for aligning internal stakeholders may be found in other difficult-to-measure areas of sustainability initiatives, particularly those in the social “S” pillar of ESG, such as diversity of workforces and boards. It is possible that existing research on firm benefits of digital sustainability disclosure is too dispersed to be useful, and that packaging such research into a more digestible form would yield meaningful payoff.
Preliminary Future Agenda
Workshop participants’ contributions to a forward-looking agenda are in keeping with CLTC’s mission to help individuals and organizations address tomorrow’s information security challenges to amplify the upside of the digital revolution. In this instance, CLTC encouraged a look over a five-year horizon, to 2027, in order to generate intermediate goals for research and collaboration in order to improve digital harm-related sustainability reporting. Major items on the resulting agenda — some of which CLTC will pursue through further workshops, working group efforts, and interviews — are:
- Encourage continued exchange between “top-down” and “bottom-up” efforts, particularly initiatives that scope sustainability reporting norms for investor audiences and initiatives that advocate for broader stakeholder use of sustainability disclosures. Levers for accelerating awareness and adoption may work in both directions between investment communities and other societal actors. Monitor the United Nations Digital Compact (expected September 2023) as a potentially useful call to action.
- Improve the state of knowledge on the extent to which companies recognize digital topics as material, and examine the informational contexts (financial, accounting, ESG, sustainability) that provide the basis for their approach to materiality.
- Build on existing critiques of “greenwashing” and “ethics-washing” in sustainability and ESG conversations to generate purpose-built mitigations for digital-related reporting.
- Foster an inclusive norm-setting space by welcoming voices from the Global South to scrutinize prevailing models of growth and shareholder primacy, assess viability of stakeholder capitalism, and integrate different cultural attitudes into building consensus around basic societal expectations for acceptable digital practices by firms.
- Test alternative models for organizing and sharing digital-related sustainability reporting.
- Develop a roadmap toward establishing effectiveness criteria that takes into account audience; validation procedures; varying size, industry, and legal status of reporting entities; B2B versus B2C models; the usefulness of system-level and firm-level indicators; and power asymmetry between evaluators and management/decision-makers.
- Educate C-suites and boards to understand digital harm and opportunity, potentially by translating these concepts into terms of risk (such as cyber risk, reputation risk, or compliance risk), then use their new understanding to get buy-in for efforts to improve related sustainability reporting.
Outlook
The workshop presented a novel opportunity to highlight interlocked issues across domains that will likely shape the future of corporate disclosure on digital harm and related topics in sustainability and similar reports. CLTC is proud to have convened global experts whose ideas and practices advance the dialogue about corporate social responsibility, and we look forward to being a hub for coordinating future efforts in this dynamic arena between business and society.