Cyber security and the environment: can we make cyber security green?

< Blog

3 October 2025

The fourth installment in a cyber security series from Capgemini and RenewableUK explores how cyber security can negatively impact the environment, the environmental impact of cyber security incidents, and how this can be mitigated by making cyber security sustainable by design.

Introduction

Sustainability and cyber security have traditionally occupied separate spheres; one rooted in environmental stewardship, the other in digital defense, which is regarded as so critical it frequently overrides the former. However, as the UK accelerates towards Clean Power 2030, the convergence of these two disciplines has become not just logical but essential.

The relationship between sustainability and cyber security can be seen as a double-edged sword. On one side lies the environmental impact of controls, and on the other we find the environmental consequences of neglecting cyber security.

No sector is better positioned to bridge this divide than the renewable energy sector. Companies across our industry are at the forefront of building a more sustainable world. Their technologies produce far fewer emissions, support land restoration, safeguard public health, and provide the pathway to energy security. Public support is also strong, with recent polling by Opinium Research showing widespread backing for clean energy projects and the infrastructure needed to support them. At the same time, Critical National Infrastructures are a key target for malicious actors due to the vital role they play in society. In fact, the National Cyber Security Centre (NCSC) 2023 annual report called for energy companies to be particularly vigilant, due to the rise of state-aligned actors as a new and emerging threat.

All of this raises an important question: how can we ensure that digital resilience does not undermine environmental goals, whilst still delivering robust protection? The answer lies in making security ‘sustainable by design’.

The double-edged sword: exploring the balance between cyber security and sustainability

The environmental toll of cyber security systems can often be overlooked. In fact, research has shown that cyber security measures can account for up to 17% of IT’s environmental impact.

The most carbon-intensive element of cyber security relates to resilience. This encompasses systems that ensure business continuity during periods of disruption, whether from cyberattacks or natural disasters. These processes rely heavily on data replication and backup storage capabilities, with controls requiring real-time monitoring, such as vulnerability scans, in order to prepare for, prevent and mitigate the impact of any outages on a business’s operations.

These processes all demand a large amount of energy. Additionally, as threats to renewable energy companies escalate, whether driven by shifting geopolitical dynamics or the rapid evolution of emerging technologies, malicious actors gain the tools to launch ever more sophisticated and far-reaching attacks. In response, companies must deploy increasingly complex cyber security controls, which further exacerbates their carbon footprint.

It's important to note that, when it comes to energy companies, the consequences of cyber incidents extend far beyond digital disruption. In fact, they can have profound environmental impacts. A striking example is the Maroochy Water Breach in Australia, where a malicious actor gained remote access to a wastewater system, manipulated pump operations and released 800,000 litres of raw sewage into local parks, rivers, and marine habitats. In another case, a cyberattack targeting a petrochemical facility in Saudi Arabia nearly triggered an explosion.

These incidents illustrate a critical truth: cyber security is not just a matter of operational continuity, it is a pillar of environmental protection. As the renewable energy sector matures and continues to scale up, it is vital to integrate robust, sustainable security practices both to safeguard digital infrastructure and protect the ecosystems that depend on it.

Making resilience sustainable by default

Organisations should take a risk-based approach to make their cyber security operations more sustainable, whilst making themselves more resilient. As each organisation differs, a full evaluation of a company’s IT systems should be conducted to introduce controls that balance cyber security and sustainability effectively. Continuing the theme of the environmental impact of controls related to resilience, some potential avenues to explore include:

• Strategising data duplication and focussing on critical data to reduce the need for further storage and power consumption.


• Implementing differential backup so only changes made since the last backup are saved, rather than the entire system repeatedly.


• Leveraging off-peak hours by scheduling backups when there is less demand across the grid, which often relies on imported gas at peak times.


• Shortening non-essential data retention periods, as well as implementing data expiration policies to reduce the amount of power used.


• Implementing an efficient data management lifecycle so data moves through stages of active use, archival and eventual deletion to ensure energy is not wasted on unused data.

To complement this, organisations can promote ‘green IT practices’. Embedding such practices into daily routines both supports environmental goals and strengthens security, such as:

• Turning devices off at the end of the day or while travelling to reduce both energy and your overall attack surface.


• Regularly deleting unnecessary files and emails to conserve storage and reduce the risk of data breaches.


• Keeping software up to date to extend the lifespan of devices and patch vulnerabilities before they can be exploited.

It is important to note that Green IT is a shared responsibility so, while IT and cyber security departments can encourage colleagues to partake, success hinges on the entire workforce’s participation.

In conclusion

While cyber security and sustainability may be a double-edged sword, striking the right balance between the two empowers an organisation to become both digitally resilient and environmentally responsible, giving it a critical advantage in such a competitive market. Renewable energy companies can start by taking small steps to make their cyber practices more sustainable, including:

• Conducting education and awareness activities on green IT practices, such as the ones listed above.


• Learning about the methodology to assess the carbon footprint of your cyber security.


• Leveraging the series of free templates to collect data and identify areas where you can improve your carbon footprint.

Continuous Resilience for Tomorrow’s Threats

Cybersecurity at Capgemini is more than protection, it’s a strategic enabler of growth, innovation and digital trust. We help organisations shift from reactive risk management to proactive resilience, aligning cyber strategy with business transformation.

Our global network of Cyber Defence Centres, deep sector expertise, and future ready capabilities, from zero trust to Gen AI security, ensure continuous protection across your enterprise. We deliver adaptive governance, threat intelligence and cyber innovation that safeguard critical infrastructure, uphold societal values and empower confident operations at scale.

Whether modernising enterprise wide security or influencing CxO strategy, Capgemini is your partner in building digital trust and securing tomorrow’s opportunities.

Cybersecurity Innovation Workshop

Capgemini is offering a limited number of free cybersecurity innovation workshops, tailored specifically for businesses in renewable energy. These sessions are designed to help you explore emerging threats, strengthen your resilience and unlock new opportunities for secure growth.