What happened
A recent industry study found that some common cybersecurity protections, especially backup infrastructure and identity and access management (IAM) systems, are responsible for a large share of the cybersecurity sector’s carbon footprint, highlighting an often-overlooked environmental cost of digital defense.
Who is affected
Enterprises deploying extensive cybersecurity measures, including backup servers, IAM systems, and extensive logging, are contributing to higher carbon emissions; large organizations and public institutions in particular were studied.
Why CISOs should care
As sustainability becomes a board-level priority, CISOs must understand the environmental impact of security architectures. Security technology (not just threats) carries a carbon cost, and choices in resilience and identity systems can materially affect an organization’s CO₂ footprint without improving risk posture.
3 practical actions
- Audit emissions impact: Evaluate the carbon footprint of major cybersecurity functions (e.g., backups, IAM, logging) as part of technology and sustainability reporting.
- Optimize policy and retention: Reduce unnecessary log collection and retention where legally permissible, and streamline IAM systems to eliminate duplication and hardware token waste.
- Consider greener infrastructure: Where feasible, virtualize backup environments and adopt more energy-efficient platforms to balance resilience with climate goals.