search.noResults

search.searching

saml.title
dataCollection.invalidEmail
note.createNoteMessage

search.noResults

search.searching

orderForm.title

orderForm.productCode
orderForm.description
orderForm.quantity
orderForm.itemPrice
orderForm.price
orderForm.totalPrice
orderForm.deliveryDetails.billingAddress
orderForm.deliveryDetails.deliveryAddress
orderForm.noItems
only but especially in the (lubricant) manufacturing industry. Whether during storage, transport or use, everyone involved in the supply, process and value chain must be able to handle the company’s products safely (e.g. hazardous chemical substances in the lubricants industry). The already stringent safety and protective measures are continuously reviewed and further developed. Regular safety training and courses are organised not only for the company’s own employees, but usually also for its customers and are an essential part of hazard prevention.


On the other hand, companies today prioritise IT security or cybersecurity, i.e. the protection of networks, computer systems, cyber-physical systems and robots against theft or damage to their hardware and software or the data they process (both personal and operational, which may in turn be personal), as well as against interruption or misuse of the services and functions offered.


Cyber-attacks – unwanted or unauthorised physical access to hardware and software by hackers and other unauthorised parties – are the biggest threat to companies. In 2023, they accounted for almost three quarters of the total number of analogue and digital attacks caused at German companies, resulting in total losses of over €200 billion, according to the Bitkom study “Wirtschaftsschutz 2023”. Cyber-attacks still accounted for 63% of total losses in 2022. The omnipresence of Wi-Fi, smartphones and other intelligent devices and systems, as well as their networking, make cybersecurity the topic and imperative of the hour.


Corporate sustainability and cybersecurity are both high on the corporate agenda. Instead of turning them into two initiatives, companies should focus on secure sustainability on the one hand and sustainable security on the other. Above all, there are now various existing synergies or symbioses between corporate sustainability and cybersecurity that are directly interlinked and build on each other. I refer to this phenomenon as “CyberSustainability”.


CyberSustainability in companies – corporate sustainability as a driver of cybersecurity The CSRD (Corporate Sustainability Reporting Directive), which came into force on 5 January 2023, increases the accountability of European companies on sustainability aspects relating to ESG - Environmental, Social & Governance. To this end, the


European Sustainability Reporting Standard (ESRS) introduced a binding reporting format at EU level for the first time, according to which all companies above a certain size in the EU – including lubricant companies – must report on their sustainability performance and how they deal with the associated opportunities and risks. The adoption of the CSRD will therefore change the way companies report on non-financial issues and the associated risks. Stock-listed companies will have to submit their first CSRD report in the beginning of 2025 for the year 2024 and other big companies will have to do so in early 2026 for the year 2025.


One of the sustainability topics that companies must address in the management report is the impact of their activities on consumers and end users. Due to the impact that cyber risks can have on the rights of consumers and end users as well as on the company’s financial position, it is necessary to disclose to stakeholders how the company manages cyber risks.


The impact of cyber incidents on organisations has raised the question of how much attention they should pay to cybersecurity measures in their annual report. The CSRD – more specifically ESRS S4 – now defines this. According to this standard, sustainability reporting should address how European companies manage the risks associated with data use and collection, as they are increasingly confronted with attacks from cyberspace (between July 2022 and June 2023, around 2,580 incidents were registered in the EU).


As a result, cybersecurity measures must be included in the CSRD report in the future. This information can be used by stakeholders to assess the company’s risk appetite and potential long-term profitability. The cybersecurity measures taken by companies must be in line with the cybersecurity obligations of the EU legal framework and thus improve the overall quality and content of sustainability reporting.


Prior to the adoption of the CSRD, there were no disclosure requirements in European law in relation to cybersecurity. With the adoption of the CSRD, cybersecurity has now clearly become an integral part of sustainability disclosure. In this respect, the mandatory inclusion of this topic in the sustainability report has led to the inclusion of cybersecurity in the management report, i.e., corporate sustainability can be seen as a driver for cybersecurity.


Continued on page 16 LUBE MAGAZINE NO.185 FEBRUARY 2025 15


Page 1  |  Page 2  |  Page 3  |  Page 4  |  Page 5  |  Page 6  |  Page 7  |  Page 8  |  Page 9  |  Page 10  |  Page 11  |  Page 12  |  Page 13  |  Page 14  |  Page 15  |  Page 16  |  Page 17  |  Page 18  |  Page 19  |  Page 20  |  Page 21  |  Page 22  |  Page 23  |  Page 24  |  Page 25  |  Page 26  |  Page 27  |  Page 28  |  Page 29  |  Page 30  |  Page 31  |  Page 32  |  Page 33  |  Page 34  |  Page 35  |  Page 36  |  Page 37  |  Page 38  |  Page 39  |  Page 40  |  Page 41  |  Page 42  |  Page 43  |  Page 44  |  Page 45  |  Page 46  |  Page 47  |  Page 48  |  Page 49  |  Page 50  |  Page 51  |  Page 52  |  Page 53  |  Page 54  |  Page 55  |  Page 56  |  Page 57  |  Page 58  |  Page 59  |  Page 60  |  Page 61  |  Page 62  |  Page 63  |  Page 64  |  Page 65  |  Page 66  |  Page 67  |  Page 68