The answer is undoubtedly YES. In fact, we have a major role to play in this regard.
What do we understand by positive impact?
When we talk about positive impact in an organization, we mean that it considers the social and environmental results generated by its actions in a broad sense; that is, it seeks a balance between economic benefit and its contribution to the environment and society. This approach has gained momentum in recent years, and that's why more and more companies understand that the impact they generate as the main agents of change is key to solving the planet's major social and environmental challenges, including it at the epicenter of their businesses. If you like, we can see it as a further step or an evolution of CSR or sustainability, right?
The goal of this post is to highlight the importance of a good cybersecurity strategy, and especially a good continuity strategy (for digital events as well as non-digital ones), in potentially having a significant impact on any organization's strategy and positive impact results.

Positive impact and sustainability
Without going into all the aspects surrounding positive impact, and beyond environmental sustainability, let's focus on business sustainability from a business perspective—that is, keeping the business operating in the face of adverse circumstances.
All companies have a purpose, a mission, a specific task (which may vary over time, but they have it at all times), they are not 'hollow', in this operation (1) many groups of stakeholders intervene, from the employees themselves, to the local community, suppliers, customers, supporters, ... in general all those groups that in one way or another have a relationship with it and (2) it affects the environment, the ecosystems where it operates and, in general, socially in its environment of influence.
Any decision or stance the company takes will impact them in some way, for example, they may be in the area of hiring policies for young, marginalized, or disabled employees (favoring integration), local supplier policies (supporting the local economy), zero-emission policies (reducing the carbon footprint), water consumption reduction policies (protecting natural resources), cybersecurity policies (supporting the sustainability of the operation) ...
Focused on online security
So, what happens if a company ceases operations due to a disruptive event from which it cannot recover? A cybercrisis, for example, something not uncommon in the 21st century, can cause a company to cease operations, and therefore have a more or less direct negative impact on each of the pillars on which the company bases its impact.
From our perspective, our view of this impact should not be limited to avoiding or managing risks, designing controls, or implementing technologies to protect the company from digital threats.
It must incorporate this vision of generating solutions to problems. In this sense, having a continuity strategy—and practicing it—while not an absolute guarantee that a disruption won't be catastrophic (something that, on the other hand, those of us who work in this field know only too well), does make it very likely that it won't be fatal or unrecoverable, minimizing the impact to the margins allowed to guarantee the maintenance of operations, thereby impacting in a controlled manner all the pillars on which the company bases its impact strategy.
Therefore, from the perspective of business sustainability, this places cybersecurity professionals in a privileged position, as one of the key players in the process, thus highlighting the relationship between business continuity and positive impact.

We are not outside the new paradigms of business management; on the contrary, we must be one of the success factors in the pillars of this new organizational strategy, covering all aspects related to our profession and especially those related to continuity.
The regulatory landscape regarding cybersecurity appears to be moving in that direction, creating a new opportunity for our professional field.
Seeing it in a more practical way and going to the framework of SDGs of the 2030 Agenda To base a company's corporate social responsibility strategy, I would highlight that cybersecurity is a key element in, at least:
- SDG 8 Decent work and economic growth, where proper cybersecurity management and brand protection directly support business growth.
- SDG 9 Industry, innovation and infrastructure, where cybersecurity management contributes to maintaining a reliable, resilient, and high-quality technological infrastructure that contributes to sustainable industrialization.
- SDG 16 Peace, Justice, and Strong Institutions, where cybersecurity management in a world marked by digital transformation requires maintaining many of the principles enshrined in human rights.

Learn much more about security strategies and threat analysis on our blog. Professional Master in Cybersecurity, Ethical Hacking and Offensive Security.