PERFORM WITH INTEGRITY Sustainability and Cyber Security Risk

PERFORM WITH INTEGRITY ™ Sustainability and Cyber Security : : Risk Management Relatives Christopher Geiger Enterprise Risk and Sustainability Director, Lockheed Martin

Risk Management Relatives There is growing intersection between the tenets of Cyber Security and Sustainability. Cyber Security Sustainability Confidentiality Integrity Availability Environmental Social Governance This session introduces collaboration topics for your organization. © 2020 GRC Summit All Rights Reserved. PERFORM WITH INTEGRITY ™

Aligned Goals: Risk Management and Disclosure

How are we mitigating the social implications of AI bias if data integrity is degraded? AI Drives: entertainment/news media, hiring process, medical diagnosis, transportation apps, banking, advertising, financial markets, customer service… Very bad data = Bad decisions that are noticed Subtly bad data = Bad decisions that go unnoticed © 2020 GRC Summit All Rights Reserved. PERFORM WITH INTEGRITY ™

Is the energy consumption of defense in depth and encryption part of the decision-making process? Data centers consume between 1 and 2% of the world’s electrical power. Cyber Security and encryption use ~25% of that power. Do you know your enterprise’s cyber security power footprint? © 2020 GRC Summit All Rights Reserved. PERFORM WITH INTEGRITY ™

What is the balance between protecting PII and transparently reporting social data? Requests for social data reporting continue to expand. D PERSONALLY I Regulations (with hefty fines) protecting personal data continue to be enacted. IDENTIFIABLE C And employee disclosure of personal data on social media is increasing… © 2020 GRC Summit All Rights Reserved. O S INFORMATION U E PERFORM WITH INTEGRITY ™

Are governance structures aligned? Governance is a key aspect of both cyber security and sustainability. Is there overlap in the framework of processes and oversight both areas use to manage and report risk? © 2020 GRC Summit All Rights Reserved. PERFORM WITH INTEGRITY ™

What is the relationship between evolving sustainability reporting standards and cyber security? ü Acknowledge the connections between the data and processes that cyber security is safeguarding and their ESG impact. Sustainability reporting has many stakeholders- and they are all interested in material cyber security risks. © 2020 GRC Summit All Rights Reserved. PERFORM WITH INTEGRITY ™

Next Steps Jumpstart collaboration between cyber security and sustainability teams Develop guidance where there is natural tension between sustainability and cyber security Sustainability reporting should include cyber security and data governance aspects They share a risk management language and framework. If sustainability is not pushing boundaries- it is not succeeding. Consider all of your stakeholder audience. Both are rapidly changing and are more robust when coordinated. © 2020 GRC Summit All Rights Reserved. Customize your disclosureslet materiality be your guide. PERFORM WITH INTEGRITY ™

Thank You Continue the conversation on #GRCSummit