Cyber Silent Spring: Leveraging ESG+T Frameworks and Trustmarks to Better Inform Investors and Consumers about the Sustainability, Cybersecurity, and Privacy of Internet-Connected Devices

Shackelford, Scott; Raymond, Anjanette; McCrory, Martin A.; Bonime-Blanc, Andrea

doi:10.2139/ssrn.4003576

Download This Paper

Open PDF in Browser

Add Paper to My Library

Cyber Silent Spring: Leveraging ESG+T Frameworks and Trustmarks to Better Inform Investors and Consumers about the Sustainability, Cybersecurity, and Privacy of Internet-Connected Devices

Kelley School of Business Research Paper No. 2022-01

50 Pages Posted: 11 Jan 2022

See all articles by Scott Shackelford

Scott Shackelford

Indiana University - Kelley School of Business - Department of Business Law; Harvard Kennedy School Belfer Center for Science & International Affairs; Center for Applied Cybersecurity Research; Stanford Center for Internet and Society; Stanford Law School

Anjanette Raymond

Indiana University - Kelley School of Business - Department of Business Law; Queen Mary University of London, School of Law; Indiana University Maurer School of Law

Martin A. McCrory

Indiana University - Kelley School of Business

Andrea Bonime-Blanc

GEC Risk Advisory

Date Written: January 7, 2022

Abstract

The rapid expansion of Internet of Things (IoT) devices and services is continuing and even being catalyzed by the COVID-19 pandemic with the number of Internet-connected devices already far exceeding the number of people on the planet, leading to widespread implications for natural and digital ecosystems. There is a growing cadre of Environmental, Social, Governance, and Technology (ESG+T) frameworks and initiatives to measure these impacts, which are being rolled out to better inform both investors and consumers about the impacts of firms’ operations made all the more timely given both supply chain bottlenecks and pressing climate change goals. One such tool that is receiving increased attention are trustmarks, particularly labels. Efforts are already underway in Europe to incorporate privacy and cybersecurity information into existing CE label. To date, though, there has been no attempt in the legal literature that we could identify to account for global developments in such trustmarks that are seeking to communicate meaningful information about the cybersecurity and privacy characteristics of Internet-connected devices and services to consumers. There are likewise divergent efforts underway to promote information transparency for investors. As regulators and civil society groups in Asia, and increasingly in the United States, are actively questioning the utility of how such trustmarks could function, and how to promote transparency more broadly in this space for investors and consumers alike, the time is ripe to conduct a survey of attempts to date, and where they have fallen short. As new trustmarks are fashioned, what lessons should be taken from the sustainable development movement and environmental reporting standards, along with best practices from cognitive science, marketing, and human decision-making?

Keywords: cybersecurity, ESG, sustainability, SEC, NIST

Suggested Citation: Suggested Citation

Shackelford, Scott J. and Raymond, Anjanette and McCrory, Martin A. and Bonime-Blanc, Andrea, Cyber Silent Spring: Leveraging ESG+T Frameworks and Trustmarks to Better Inform Investors and Consumers about the Sustainability, Cybersecurity, and Privacy of Internet-Connected Devices (January 7, 2022). Kelley School of Business Research Paper No. 2022-01, Available at SSRN: https://ssrn.com/abstract=4003576 or http://dx.doi.org/10.2139/ssrn.4003576