You could be forgiven for not always thinking of cyber security as a sustainability topic. But, the reality is it's a very real threat to business and governmental sustainability, and has become ever-more prominent.

It’s not a new one, but geopolitical intentions and the rise of organised crime gangs seeking to exploit digital weaknesses has made it a rising threat, with almost 2,000 organised attack attempts over the past year.

This week, the extent of that threat to UK companies was outlined in no uncertain terms when the National Cyber Security Centre, the country’s top security agency, warned of a "widening gap” between British firms and their ability to cope with cyber onslaughts.

AI was cited as increasing their scale and severity, and the NCSC’s annual report claimed that many were now state-led.

The Daily Telegraph put it more bluntly, outlining that Russia intended to cause “maximum destruction”.

There were, Reuters said, 347 incidents over the last year centred on deliberately extracting organisational information covertly, with ransomware attacks being the most dangerous as they targeted “critical infrastructure like energy, water, transportation, health and telecommunications.”

Even the Ministry of Defence was not immune, with hundreds of staff passwords being accessed in a breach this week.

“Companies, organisations and other parties must immediately do more to bolster their resilience to the evolving risk posed by increasingly sophisticated cyber weapons, enhanced by artificial intelligence,” said a Sky News report.

This week’s stories all focus on the word “underestimated”. The inference is clear: that while companies will have amassed defences against online attacks and larger ones will typically have teams focused on threats as part of ongoing risk management, as well as assess cyber security regularly as part of ESG programmes, the concern is that many are likely drastically underprepared given the number and severity of incidents the UK now faces.

And by the Government’s own recent reckoning, 44% of UK companies have a cyber security skills gap.

For communicators, the main challenge tends to be that a successful cyber security attack can cause huge business and reputational damage, but demonstrating that a firm is well-protected tends to be a fool’s errand, because the bad people would see it as a challenge.

An important part of their role, as another NCSC announcement underlined earlier this year, is to communicate to boards the level of rising risk that companies now face and play a part in action to counter it.

It may be the technical cyber security teams who lead on that, but corporate affairs and communications teams should stand alongside them in driving understanding of the reputation consequences and contingency plans for dealing with an incident.

That Financial Times piece added: “AI also means that they can harvest stolen data better.” In other words, the damage that can be done can be manifold what it was in the past.

Cyber security may seem largely unrelated to sustainability, but it’s certainly an important part of the fabric. Getting a grip on the reputation implications now can both help to harden defences and be a clear demonstration of the organisational value of corporate affairs.