Responsible cybersecurity has always been at the heart of sustainability. Any business that prevents cyberattacks and helps identify threat actors is, by nature, contributing to a more sustainable digital ecosystem. Anastasiia Komissarova, Deputy CEO, Group-IB, investigates.
When policymakers talk about sustainability, they rarely picture botnets or ransomware farms.
However, every hijacked server wastes electricity, every data breach erodes trust in digital services that power green growth, and every phishing scam spawns extra shipments and returns, driving up carbon emissions.
The disruption caused by threat actors to businesses and societies is more than financial, it is fundamentally at odds with the principles of sustainability. By embedding security into sustainability strategies, we protect not just data, but the very systems that power a greener future.
The carbon cost of an insecure internet
Compromised machines do not simply go “idle”; they churn through CPU cycles and electricity to mine cryptocurrency, send spam, or host fake websites. DDoS attacks designed to overwhelm systems with artificial traffic draw vast amounts of energy to handle the increased load or to recover from the attack.
Botnets can also harness thousands of infected devices to perform brute-force password cracking or large-scale web scraping activities that consume significant processing power.
Even malware that silently logs keystrokes or exfiltrates data often runs continuously in the background, keeping machines active when they should be idle. All this extra energy consumption comes at a cost in carbon emissions.
By neutralising compromised computers that are operating under botnet control, it is possible to curb excessive power expenditure. Group-IB identified its recent efforts prevented excessive energy consumption amounting to nearly 22.4 million kWh, or ~10K tCO₂e – the equivalent emissions from driving a petrol operated car around the Earth approximately 1,297 times, or the carbon captured by ~48K tree seedlings grown for 10 years. Strengthening cybersecurity practices contributes directly to climate action goals, reducing unnecessary emissions caused by avoidable compromise and excess energy consumption.
A call for integrated thinking
Climate strategies often focus on electrification and renewables, while overlooking the digital scaffolding that keeps those systems trustworthy.
If renewable energy infrastructure lacks robust cyber security, businesses and consumers will lose trust in the sector and use will decline, resulting in increased emissions from non-renewable sources. Trust in reliable, secure renewable energy is the foundation of driving investment and shifting consumption trends.
Regulators and companies should fold cybersecurity into sustainability frameworks, utilities should factor cyber-risk into lifecycle-carbon models, and CISOs should sit at the same table as Sustainability Officers when net-zero roadmaps are drawn.
With energy suppliers forming a key component of critical national infrastructure, it is imperative that we focus on bolstering the sector against vulnerability and understand that security compliments long term ESG goals. Cybersecurity must be treated as a fundamental layer to sustainable development.
Towards a secure cyberspace and low carbon future
When security metrics feed into ESG reporting, organisations gain a powerful lever to accelerate progress on all fronts. No single company can solve the climate or cyber-crime crises alone, and the security sector is in a unique position to influence both.
By linking incident-response KPIs with sustainability dashboards, governing bodies can make data-driven decisions that advance environmental, social, and governance goals simultaneously. Publishing those metrics will turn PR slogans into measurable progress, and tangible results.
A secure digital ecosystem wastes less energy, protects critical infrastructure, and builds the trust on which transparent ESG reporting depends. Cybersecurity is therefore not a cost centre on the periphery of sustainability strategy; it is a catalyst at its core.
