The Future of Digital Risk: DRM Monthly Webinar, September 2025

In an era where digital risk is no longer siloed to IT departments but woven into the fabric of every strategic decision, CyXcel’s September DRM Monthly Webinar offered a timely and incisive lens into the evolving threat landscape and the opportunities it presents.
Hosted by Dr Megha Kumar, Chief Product Officer and Head of Geopolitical Risk at CyXcel, the session brought together a multidisciplinary panel including Stewart Duffy, Legal Director at CyXcel, Danny Howett, Technical Director – Digital Forensics and Incident Response at CyXcel, Abhay Srivastava, Head of ESG at Weightmans, and Samuel Kudláč, Senior Analyst at CyXcel, to unpack the most pressing developments across regulation, cyber threats, and geopolitical volatility.
Corporate Responsibility is “Here to Stay”
Abhay Srivastava opened the session by affirming that ESG is “here to stay,” regardless of shifting political winds in the US and UK. He traced ESG’s roots to the Equator Principles (2002) and IFC Performance Standards (2006), which embedded environmental and social considerations into investor criteria. These frameworks have since expanded globally, with regulators increasingly treating ESG risks as financially material.
Recent UK regulatory developments, such as the FCA’s CP25/18 (focusing on code of conduct) and the Bank of England’s Prudential Regulation Authority’s (PRA) climate risk consultations, underscore this momentum. These initiatives call for enhanced governance, risk assessment and reporting practices, with a growing focus on non-financial misconduct and diversity, equity and inclusion (DEI). Notably, the FCA’s “fit and proper” test now extends to executives’ private conduct, placing greater onus on employers to monitor behaviour and uphold duty of care.
Litigation trends further reinforce ESG’s strategic importance. Abhay cited a landmark per- and polyfluoroalkyl substances (PFAS) case in Italy, where corporate criminal liability was established for environmental contamination. Such rulings highlight the reputational and financial risks of ESG failures and the growing scrutiny from regulators, shareholders and employees.
To embed ESG into strategy, Abhay recommended a three-step approach:
- Identify which corporate responsibility issues are financially and operationally relevant
- Monitor regulatory and litigation developments in those areas via horizon scanning
- Ensure internal policies are fit for purpose and reflect stakeholder expectations
When Politics Disrupt the Digital World
Danny Howett shifted the focus to geopolitical risk, spotlighting the recent disruption of undersea fibre optic cables in the Red Sea. These cables, which stretch for 1.7 million kilometres, carry over 95% of global internet traffic, and their severance impacted Microsoft Azure and connectivity across the Middle East, South Asia and Africa.
While the official cause was accidental damage from commercial shipping, Danny noted that geopolitical tensions, particularly involving Russia and China, have raised concerns about deliberate sabotage. Incidents in the Baltic Sea and Taiwan Strait suggest a pattern of covert threats to critical infrastructure.
The strategic importance of these cables for military, financial and digital operations has prompted NATO and other coalitions to enhance undersea monitoring. Danny stressed that protecting and rapidly repairing this infrastructure is now a core element of national and international cybersecurity.
Samuel Kudláč added that regional instability, such as Houthi activity in the Red Sea and conflict in Ukraine, amplifies these risks. He urged companies to build redundancy into their networks by:
- Diversifying undersea cable routes
- Establishing land-based and satellite backups
- Collaborating with authorities to accelerate damage detection and repair
Samuel also addressed the societal impact of political violence, referencing the assassination of Charlie Kirk in the US. The event has deepened polarisation and raised concerns about retaliatory extremism, affecting both civilian and military cohesion. Businesses must remain alert to how political instability can disrupt operations and erode trust.
Data Protection and Compliance Gaps
Stewart Duffy tackled the persistent issue of sub-minimal compliance with data protection laws, particularly among SMEs. Despite GDPR’s introduction in 2018, many organizations only confront their shortcomings when responding to subject access requests.
Stewart emphasised the need for proactive compliance, starting with internal knowledge-building and extending to supply chain due diligence. He warned that SMEs will increasingly be held accountable by partners and customers for demonstrating robust data stewardship.
He also highlighted the value of data protection beyond compliance: “Cybercriminals can’t steal the data you haven’t collected or retained.” Responsible data minimisation reduces exposure and builds trust.
Looking ahead, Stewart flagged the UK’s Data Use and Access Act and forthcoming cybersecurity regulations as key developments. These will impose stricter standards on entities and elevate the importance of supply chain security.
Defending Against Supply Chain Cyberattacks
The session concluded with a discussion about recent cyber incidents affecting major UK organizations, including M&S, Co-op, Jaguar Land Rover and Heathrow Airport. Danny explained how a single breach, such as the attack on aerospace supplier MU Systems, can disrupt multiple sectors and geographies. He stressed the importance of layered defence strategies, combining:
- Technical safeguards
- Human training
- Social engineering awareness
With attackers increasingly targeting individuals through phishing and impersonation, organizations must invest in both technology and culture to build resilience.
Dr Megha Kumar noted that supply chain breaches often have cascading effects, forcing smaller suppliers to shut down or lay off staff. This underscores the need for robust incident response plans and cross-sector collaboration.
What Does this Mean for Business Leaders?
Digital risk now spans legal, technical, geopolitical and cultural domains, demanding a holistic response. Businesses must adopt integrated, agile risk management frameworks that reflect the complexity of today’s operating environment.
Whether it's understanding the rapidly developing corporate responsibility landscape or tackling risks to undersea cable infrastructure and related geopolitical concerns, organizations face a growing spectrum of threats. The imperative is clear: stay ahead, stay adaptive, and stay informed.
We Can Help: With DRM, the Picture Gets Clearer
The clearer your view of digital risks, the more able you are to defend against them. At a time when cyber threats are slipping through the cracks in supply chains and where industries are more connected than ever, the stakes are simply too high to leave to chance. The DRM is designed to expose these warning signs before they become front-page news.
Our DRM service offers:
- A comprehensive risk discovery phase
- Visual heatmaps and actionable dashboards
- Insights aligned to AI governance, corporate responsibility, cyber, geopolitics, regulation, supply chain and technology
- Expert support from procurement, cyber, technical, geopolitical and legal professionals

Book a DRM Consultation
CyXcel’s seasoned experts help businesses understand and protect the digital pathways that underpin procurement, logistics, and operations. Book a DRM consultation below to find out how we can support you.
Email: drmclientservices@cyxcel.com
North America: +1-855-490-4945
EMEA: +44-330-057-0662