Industry Comparison
Select Language
Current language: English (2023)
You are viewing information about the following Industries:
-
Software & IT Services
The Software & Information Technology (IT) Services industry offers products and services globally to retail, business and government customers, and includes entities that develop and sell applications software, infrastructure software and middleware. The industry generally is competitive but with dominant players in some segments. Although relatively immature, the industry is characterised by high-growth entities that place a heavy emphasis on innovation and depend on human and intellectual capital. The industry also includes IT services entities delivering specialised IT functions, such as consulting and outsourced services. New industry business models include cloud computing, software as a service, virtualisation, machine-to-machine communication, big data analysis and machine learning. Additionally, brand value is important for entities in the industry to scale and achieve network effects, whereby wide adoption of a particular software product may result in self-perpetuating growth in sales. -
Hardware
Hardware industry entities design and sell technology hardware products, including computers, consumer electronics, communications equipment, storage devices, components and peripherals. Many entities in the industry rely heavily upon the Electronic Manufacturing Services & Original Design Manufacturing (EMS & ODM) industry for manufacturing services. The industry is expected to continue to grow as technology use rapidly increases, especially among emerging market consumers.
Relevant Issues for both Industries (9 of 26)
Why are some issues greyed out?
The SASB Standards vary by industry based on the different sustainability-related risks and opportunities within an industry. The issues in grey were not identified during the standard-setting process as the most likely to be useful to investors, so they are not included in the Standard. Over time, as the ISSB continues to receive market feedback, some issues may be added or removed from the Standard. Each company determines which sustainability-related risks and opportunities are relevant to its business. The Standard is designed for the typical company in an industry, but individual companies may choose to report on different sustainability-related risks and opportunities based on their unique business model.-
Environment
- GHG Emissions
- Air Quality
-
Energy Management
The category addresses environmental impacts associated with energy consumption. It addresses the company’s management of energy in manufacturing and/or for provision of products and services derived from utility providers (grid energy) not owned or controlled by the company. More specifically, it includes management of energy efficiency and intensity, energy mix, as well as grid reliance. Upstream (e.g., suppliers) and downstream (e.g., product use) energy use is not included in the scope. - Water & Wastewater Management
- Waste & Hazardous Materials Management
- Ecological Impacts
-
Social Capital
- Human Rights & Community Relations
-
Customer Privacy
The category addresses management of risks related to the use of personally identifiable information (PII) and other customer or user data for secondary purposes including but not limited to marketing through affiliates and non-affiliates. The scope of the category includes social issues that may arise from a company’s approach to collecting data, obtaining consent (e.g., opt-in policies), managing user and customer expectations regarding how their data is used, and managing evolving regulation. It excludes social issues arising from cybersecurity risks, which are covered in a separate category. -
Data Security
The category addresses management of risks related to collection, retention, and use of sensitive, confidential, and/or proprietary customer or user data. It includes social issues that may arise from incidents such as data breaches in which personally identifiable information (PII) and other user or customer data may be exposed. It addresses a company’s strategy, policies, and practices related to IT infrastructure, staff training, record keeping, cooperation with law enforcement, and other mechanisms used to ensure security of customer or user data. - Access & Affordability
- Product Quality & Safety
- Customer Welfare
- Selling Practices & Product Labeling
-
Human Capital
- Labour Practices
- Employee Health & Safety
-
Employee Engagement, Diversity & Inclusion
The category addresses a company’s ability to ensure that its culture and hiring and promotion practices embrace the building of a diverse and inclusive workforce that reflects the makeup of local talent pools and its customer base. It addresses the issues of discriminatory practices on the bases of race, gender, ethnicity, religion, sexual orientation, and other factors.
-
Business Model and Innovation
-
Product Design & Lifecycle Management
The category addresses incorporation of environmental, social, and governance (ESG) considerations in characteristics of products and services provided or sold by the company. It includes, but is not limited to, managing the lifecycle impacts of products and services, such as those related to packaging, distribution, use-phase resource intensity, and other environmental and social externalities that may occur during their use-phase or at the end of life. The category captures a company’s ability to address customer and societal demand for more sustainable products and services as well as to meet evolving environmental and social regulation. It does not address direct environmental or social impacts of the company’s operations nor does it address health and safety risks to consumers from product use, which are covered in other categories. - Business Model Resilience
-
Supply Chain Management
The category addresses management of environmental, social, and governance (ESG) risks within a company’s supply chain. It addresses issues associated with environmental and social externalities created by suppliers through their operational activities. Such issues include, but are not limited to, environmental responsibility, human rights, labour practices, and ethics and corruption. Management may involve screening, selection, monitoring, and engagement with suppliers on their environmental and social impacts. The category does not address the impacts of external factors – such as climate change and other environmental and social factors – on suppliers’ operations and/or on the availability and pricing of key resources, which is covered in a separate category. -
Materials Sourcing & Efficiency
The category addresses issues related to the resilience of materials supply chains to impacts of climate change and other external environmental and social factors. It captures the impacts of such external factors on operational activity of suppliers, which can further affect availability and pricing of key resources. It addresses a company’s ability to manage these risks through product design, manufacturing, and end-of-life management, such as by using of recycled and renewable materials, reducing the use of key materials (dematerialization), maximizing resource efficiency in manufacturing, and making R&D investments in substitute materials. Additionally, companies can manage these issues by screening, selection, monitoring, and engagement with suppliers to ensure their resilience to external risks. It does not address issues associated with environmental and social externalities created by operational activity of individual suppliers, which is covered in a separate category. - Physical Impacts of Climate Change
-
-
Leadership and Governance
- Business Ethics
-
Competitive Behaviour
The category covers social issues associated with existence of monopolies, which may include, but are not limited to, excessive prices, poor quality of service, and inefficiencies. It addresses a company’s management of legal and social expectation around monopolistic and anti-competitive practices, including issues related to bargaining power, collusion, price fixing or manipulation, and protection of patents and intellectual property (IP). - Management of the Legal & Regulatory Environment
- Critical Incident Risk Management
-
Systemic Risk Management
The category addresses the company’s contributions to or management of systemic risks resulting from large-scale weakening or collapse of systems upon which the economy and society depend. This includes financial systems, natural resource systems, and technological systems. It addresses the mechanisms a company has in place to reduce its contributions to systemic risks and to improve safeguards that may mitigate the impacts of systemic failure. For financial institutions, the category also captures the company’s ability to absorb shocks arising from financial and economic stress and meet stricter regulatory requirements related to the complexity and interconnectedness of companies in the industry.
Disclosure Topics
What is the relationship between General Issue Category and Disclosure Topics?
The General Issue Category is an industry-agnostic version of the Disclosure Topics that appear in each SASB Standard. Disclosure topics represent the industry-specific impacts of General Issue Categories. The industry-specific Disclosure Topics ensure each SASB Standard is tailored to the industry, while the General Issue Categories enable comparability across industries. For example, Health & Nutrition is a disclosure topic in the Non-Alcoholic Beverages industry, representing an industry-specific measure of the general issue of Customer Welfare. The issue of Customer Welfare, however, manifests as the Counterfeit Drugs disclosure topic in the Biotechnology & Pharmaceuticals industry.-
Access Standard
-
Energy Management
The category addresses environmental impacts associated with energy consumption. It addresses the company’s management of energy in manufacturing and/or for provision of products and services derived from utility providers (grid energy) not owned or controlled by the company. More specifically, it includes management of energy efficiency and intensity, energy mix, as well as grid reliance. Upstream (e.g., suppliers) and downstream (e.g., product use) energy use is not included in the scope.-
Environmental Footprint of Hardware Infrastructure
With the growth of cloud-based service offerings, entities in this industry own, operate or rent increasingly more data centres and other hardware. Thus, managing the energy and water use associated with IT hardware infrastructure is relevant to value creation. Data centres must be powered continuously, and disruptions to the energy supply can have a material effect on operations, depending on the magnitude and timing of the disruption. Entities face a trade-off between energy and water consumption because of data centre cooling needs. Cooling data centres with water instead of chillers improves energy efficiency, but this method may create dependence on significant local water resources. Data centre specification decisions are important for managing costs, obtaining a reliable supply of energy and water, and reducing reputational risks, particularly with the increasing global regulatory focus on climate change and the opportunities arising from energy efficiency and renewable energy innovations.
-
-
Customer Privacy
The category addresses management of risks related to the use of personally identifiable information (PII) and other customer or user data for secondary purposes including but not limited to marketing through affiliates and non-affiliates. The scope of the category includes social issues that may arise from a company’s approach to collecting data, obtaining consent (e.g., opt-in policies), managing user and customer expectations regarding how their data is used, and managing evolving regulation. It excludes social issues arising from cybersecurity risks, which are covered in a separate category.-
Data Privacy & Freedom of Expression
As Software & IT Services entities increasingly deliver products and services over the Internet and through mobile devices, they must carefully manage two separate and often conflicting priorities. First, entities use customer data to innovate and provide customers with new products and services to generate revenues. Second, entities have access to a wide range of customer data, such as personal, demographic, content and behavioural data creating associated privacy concerns. This dynamic may result in increased regulatory scrutiny in many countries. The delivery of cloud-based software and IT services also raises concerns about potential access to user data by governments that may use it to limit the citizens’ freedoms. Effective management in this area may reduce regulatory and reputational risks that may result in decreased revenues, reduced market share and increased regulatory actions involving potential fines and other legal costs.
-
-
Data Security
The category addresses management of risks related to collection, retention, and use of sensitive, confidential, and/or proprietary customer or user data. It includes social issues that may arise from incidents such as data breaches in which personally identifiable information (PII) and other user or customer data may be exposed. It addresses a company’s strategy, policies, and practices related to IT infrastructure, staff training, record keeping, cooperation with law enforcement, and other mechanisms used to ensure security of customer or user data.-
Data Security
Software & IT Services entities are targets of growing data security threats from cyberattacks, which puts their own data and their customers’ data at risk. Inadequate prevention, detection and remediation of data security threats may influence customer acquisition and retention and result in decreased market share and reduced demand for the entity’s products. In addition to reputational damage and increased customer turnover, data breaches also may result in increased expenses, commonly associated with remediation efforts such as identity protection offerings and employee training on data protection. Meanwhile, new and emerging data security standards and regulations may affect operating expenses through increased compliance costs. Additionally, entities in this industry may be well-positioned to capture revenue opportunities by providing secure software and services to meet the demand for ensuring data is kept secure.
-
-
Employee Engagement, Diversity & Inclusion
The category addresses a company’s ability to ensure that its culture and hiring and promotion practices embrace the building of a diverse and inclusive workforce that reflects the makeup of local talent pools and its customer base. It addresses the issues of discriminatory practices on the bases of race, gender, ethnicity, religion, sexual orientation, and other factors.-
Recruiting & Managing a Global, Diverse & Skilled Workforce
Employees are important contributors to value creation in the Software & IT Services industry. Entities commonly find recruiting qualified employees to fill these positions difficult. A shortage in technically skilled employees can create intense competition to acquire highly skilled employees globally, contributing to high employee turnover rates. Some entities contribute to relevant education and training programmes to expand the availability of domestic, skilled employees. Entities offer significant monetary and non-monetary benefits to improve employee engagement and therefore retention and productivity. Initiatives to improve employee engagement and work-life balance may influence the recruitment and retention of a diverse workforce. Since the industry is characterised by relatively low representation from women and minority groups, efforts to recruit and develop globally diverse talent pools may address the talent shortage and improve the value of entity offerings. Greater workforce diversity is important for innovation and helps entities understand the needs of a diverse and global customer base.
-
-
Product Design & Lifecycle Management
The category addresses incorporation of environmental, social, and governance (ESG) considerations in characteristics of products and services provided or sold by the company. It includes, but is not limited to, managing the lifecycle impacts of products and services, such as those related to packaging, distribution, use-phase resource intensity, and other environmental and social externalities that may occur during their use-phase or at the end of life. The category captures a company’s ability to address customer and societal demand for more sustainable products and services as well as to meet evolving environmental and social regulation. It does not address direct environmental or social impacts of the company’s operations nor does it address health and safety risks to consumers from product use, which are covered in other categories.None -
Supply Chain Management
The category addresses management of environmental, social, and governance (ESG) risks within a company’s supply chain. It addresses issues associated with environmental and social externalities created by suppliers through their operational activities. Such issues include, but are not limited to, environmental responsibility, human rights, labour practices, and ethics and corruption. Management may involve screening, selection, monitoring, and engagement with suppliers on their environmental and social impacts. The category does not address the impacts of external factors – such as climate change and other environmental and social factors – on suppliers’ operations and/or on the availability and pricing of key resources, which is covered in a separate category.None -
Materials Sourcing & Efficiency
The category addresses issues related to the resilience of materials supply chains to impacts of climate change and other external environmental and social factors. It captures the impacts of such external factors on operational activity of suppliers, which can further affect availability and pricing of key resources. It addresses a company’s ability to manage these risks through product design, manufacturing, and end-of-life management, such as by using of recycled and renewable materials, reducing the use of key materials (dematerialization), maximizing resource efficiency in manufacturing, and making R&D investments in substitute materials. Additionally, companies can manage these issues by screening, selection, monitoring, and engagement with suppliers to ensure their resilience to external risks. It does not address issues associated with environmental and social externalities created by operational activity of individual suppliers, which is covered in a separate category.None -
Competitive Behaviour
The category covers social issues associated with existence of monopolies, which may include, but are not limited to, excessive prices, poor quality of service, and inefficiencies. It addresses a company’s management of legal and social expectation around monopolistic and anti-competitive practices, including issues related to bargaining power, collusion, price fixing or manipulation, and protection of patents and intellectual property (IP).-
Intellectual Property Protection & Competitive Behaviour
Entities in the Software & IT Services industry spend a significant proportion of their revenues on IP protection, including acquiring patents and copyrights. Although IP protection is inherent to some entity business models and is an important driver of innovation, entities’ IP practices sometimes may be a contentious societal issue. Entities sometimes acquire patents and other IP protection to restrict competition and innovation, particularly if they are dominant market players. Because of software complexity, its abstract nature and increasing IP rights protection related to software, entities in the industry must navigate overlapping patent claims to operate. As a result, entities in the industry may find themselves constantly in litigation or subject to regulatory scrutiny either because of allegations of patent violations if they engage in unethical business practices, or are perceived as doing so, or because they engage in IP infringement litigation. Adverse legal or regulatory rulings related to antitrust and IP may expose entities in the industry to costly and lengthy litigations and potential monetary losses as a result. Such rulings also may affect an entity’s market share and pricing power if its patents or dominant position in important markets are challenged legally, with potentially significant effects on revenue. Therefore, entities that balance the protection of their IP and its use to spur innovation while ensuring their IP management and other business practices do not unfairly restrict competition, may reduce regulatory scrutiny and legal actions while protecting their market value.
-
-
Systemic Risk Management
The category addresses the company’s contributions to or management of systemic risks resulting from large-scale weakening or collapse of systems upon which the economy and society depend. This includes financial systems, natural resource systems, and technological systems. It addresses the mechanisms a company has in place to reduce its contributions to systemic risks and to improve safeguards that may mitigate the impacts of systemic failure. For financial institutions, the category also captures the company’s ability to absorb shocks arising from financial and economic stress and meet stricter regulatory requirements related to the complexity and interconnectedness of companies in the industry.-
Managing Systemic Risks from Technology Disruptions
With trends towards increased cloud computing and Software as a Service (SaaS), software and IT service providers must ensure they have robust infrastructure and policies in place to minimise disruptions to their services. Disruptions such as programming errors or server downtime may generate systemic risks, because computing and data storage functions move from individual entity servers in various industries to data centres of cloud-computing service providers. The risks are increased particularly if the affected customers are in sensitive sectors, such as financial institutions or utilities, which are considered critical national infrastructure. Entities’ investments in improving the reliability and quality of their IT infrastructure and services may attract and retain customers, thereby creating revenue and opportunities in new markets.
-
-
-
Access Standard
-
Energy Management
The category addresses environmental impacts associated with energy consumption. It addresses the company’s management of energy in manufacturing and/or for provision of products and services derived from utility providers (grid energy) not owned or controlled by the company. More specifically, it includes management of energy efficiency and intensity, energy mix, as well as grid reliance. Upstream (e.g., suppliers) and downstream (e.g., product use) energy use is not included in the scope.None -
Customer Privacy
The category addresses management of risks related to the use of personally identifiable information (PII) and other customer or user data for secondary purposes including but not limited to marketing through affiliates and non-affiliates. The scope of the category includes social issues that may arise from a company’s approach to collecting data, obtaining consent (e.g., opt-in policies), managing user and customer expectations regarding how their data is used, and managing evolving regulation. It excludes social issues arising from cybersecurity risks, which are covered in a separate category.None -
Data Security
The category addresses management of risks related to collection, retention, and use of sensitive, confidential, and/or proprietary customer or user data. It includes social issues that may arise from incidents such as data breaches in which personally identifiable information (PII) and other user or customer data may be exposed. It addresses a company’s strategy, policies, and practices related to IT infrastructure, staff training, record keeping, cooperation with law enforcement, and other mechanisms used to ensure security of customer or user data.-
Product Security
The hardware products and related software offered by entities in the Hardware industry may have vulnerabilities that expose consumers to data security threats. Therefore, hardware manufacturers must help ensure user data security. Such vulnerabilities may occur at any stage of a product lifecycle, including product design, the manufacturing supply chain, product distribution and the product’s use-phase. Entities in the industry unable to identify vulnerabilities may risk exposing consumer data to security threats and potentially eroding the trust of their customer base. Cybersecurity threats create both risks and opportunities for the Hardware industry, as effective product security may be a source of competitive advantage for entities, potentially increasing their sales and market share. Additionally, user concerns about data security and related government actions may also serve as revenue-generating opportunities for securing government contracts and providing security products.
-
-
Employee Engagement, Diversity & Inclusion
The category addresses a company’s ability to ensure that its culture and hiring and promotion practices embrace the building of a diverse and inclusive workforce that reflects the makeup of local talent pools and its customer base. It addresses the issues of discriminatory practices on the bases of race, gender, ethnicity, religion, sexual orientation, and other factors.-
Employee Diversity & Inclusion
Greater workforce diversity is important for innovation since it helps entities understand the needs of a diverse and global customer base, which results in the ability to design desirable products and communicate with customers effectively. Entities unable to attract and retain diverse talent may risk losing market share to competitors that successfully employ a staff capable of recognising the needs of diverse populations and capturing demand from segments of the population that have been traditionally overlooked. Furthermore, entities perceived as being more representative of a diverse, global customer base may increase brand loyalty which also may be a source of competitive advantage. Entities successful in recruiting and retaining a diverse and inclusive workforce also may achieve lower employee turnover rates, resulting in cost savings.
-
-
Product Design & Lifecycle Management
The category addresses incorporation of environmental, social, and governance (ESG) considerations in characteristics of products and services provided or sold by the company. It includes, but is not limited to, managing the lifecycle impacts of products and services, such as those related to packaging, distribution, use-phase resource intensity, and other environmental and social externalities that may occur during their use-phase or at the end of life. The category captures a company’s ability to address customer and societal demand for more sustainable products and services as well as to meet evolving environmental and social regulation. It does not address direct environmental or social impacts of the company’s operations nor does it address health and safety risks to consumers from product use, which are covered in other categories.-
Product Lifecycle Management
Entities in the Hardware industry face increasing challenges associated with environmental and social externalities attributed to product manufacturing, transport, use and disposal. Rapid obsolescence of hardware products may worsen these externalities. Entities are designing more products with the entire lifecycle in mind. Specific considerations include energy efficiency of products, hazardous material inputs, and designing for and facilitating safe end-of-life disposal and recycling. Entities that prioritise designing and manufacturing products with improved environmental and social impacts may avoid costs associated with externalities, and they may be more likely to grow consumer demand and market share, while eliminating potentially harmful materials. Furthermore, entities that minimise environmental and social externalities of products may be less exposed to increasing regulation and costs, such as those related to extended producer responsibility.
-
-
Supply Chain Management
The category addresses management of environmental, social, and governance (ESG) risks within a company’s supply chain. It addresses issues associated with environmental and social externalities created by suppliers through their operational activities. Such issues include, but are not limited to, environmental responsibility, human rights, labour practices, and ethics and corruption. Management may involve screening, selection, monitoring, and engagement with suppliers on their environmental and social impacts. The category does not address the impacts of external factors – such as climate change and other environmental and social factors – on suppliers’ operations and/or on the availability and pricing of key resources, which is covered in a separate category.-
Supply Chain Management
Entities in the Hardware industry commonly have relatively narrow profit margins and remain competitive by relying on complex, global supply chains and outsourced production to electronics manufacturing services (EMS) entities. Because entities in the industry typically contract with suppliers in countries with lower direct costs, entities often manufacture products in countries that have limited labour regulations or enforcement protecting workers. Entities in the industry may have limited direct control over social and environmental standards in production, making management of this issue difficult. This dynamic may increase an entity’s exposure to reputational risks and impacts on short- and long-term costs and sales. Such effects may arise from increasing regulation and enforcement in response to high-profile safety or labour incidents, or through a shift in demand away from entities associated with such incidents. Entities that actively manage the impacts generated by the supply chain using supplier standards, monitoring and engagement may better protect shareholder value over the long term.
-
-
Materials Sourcing & Efficiency
The category addresses issues related to the resilience of materials supply chains to impacts of climate change and other external environmental and social factors. It captures the impacts of such external factors on operational activity of suppliers, which can further affect availability and pricing of key resources. It addresses a company’s ability to manage these risks through product design, manufacturing, and end-of-life management, such as by using of recycled and renewable materials, reducing the use of key materials (dematerialization), maximizing resource efficiency in manufacturing, and making R&D investments in substitute materials. Additionally, companies can manage these issues by screening, selection, monitoring, and engagement with suppliers to ensure their resilience to external risks. It does not address issues associated with environmental and social externalities created by operational activity of individual suppliers, which is covered in a separate category.-
Materials Sourcing
Entities in the Hardware industry rely on numerous critical materials as important inputs for finished products. Many of these inputs have few or no available substitutes and often are sourced from only a few countries, many of which may be subject to geopolitical uncertainty. Other sustainability impacts related to climate change, land use, resource scarcity and conflict in regions where the industry’s supply chain operates are also increasingly shaping the industry’s ability to source materials. Additionally, increased competition for these materials because of growing global demand from other sectors may result in price increases and supply risks. The ability of entities to manage potential material shortages, supply disruptions, price volatility and reputational risks is made more difficult by the practice of commonly sourcing materials from supply chains that may lack transparency. Failure to effectively manage sourcing may constrain access to necessary materials, reduce margins, impair revenue growth or increase costs of capital.
-
-
Competitive Behaviour
The category covers social issues associated with existence of monopolies, which may include, but are not limited to, excessive prices, poor quality of service, and inefficiencies. It addresses a company’s management of legal and social expectation around monopolistic and anti-competitive practices, including issues related to bargaining power, collusion, price fixing or manipulation, and protection of patents and intellectual property (IP).None -
Systemic Risk Management
The category addresses the company’s contributions to or management of systemic risks resulting from large-scale weakening or collapse of systems upon which the economy and society depend. This includes financial systems, natural resource systems, and technological systems. It addresses the mechanisms a company has in place to reduce its contributions to systemic risks and to improve safeguards that may mitigate the impacts of systemic failure. For financial institutions, the category also captures the company’s ability to absorb shocks arising from financial and economic stress and meet stricter regulatory requirements related to the complexity and interconnectedness of companies in the industry.None
-
General Issue Category
Remove
Software & IT Services
Access Standard
Remove
Hardware
Access Standard
Energy Management
-
Environmental Footprint of Hardware Infrastructure
With the growth of cloud-based service offerings, entities in this industry own, operate or rent increasingly more data centres and other hardware. Thus, managing the energy and water use associated with IT hardware infrastructure is relevant to value creation. Data centres must be powered continuously, and disruptions to the energy supply can have a material effect on operations, depending on the magnitude and timing of the disruption. Entities face a trade-off between energy and water consumption because of data centre cooling needs. Cooling data centres with water instead of chillers improves energy efficiency, but this method may create dependence on significant local water resources. Data centre specification decisions are important for managing costs, obtaining a reliable supply of energy and water, and reducing reputational risks, particularly with the increasing global regulatory focus on climate change and the opportunities arising from energy efficiency and renewable energy innovations.
Customer Privacy
-
Data Privacy & Freedom of Expression
As Software & IT Services entities increasingly deliver products and services over the Internet and through mobile devices, they must carefully manage two separate and often conflicting priorities. First, entities use customer data to innovate and provide customers with new products and services to generate revenues. Second, entities have access to a wide range of customer data, such as personal, demographic, content and behavioural data creating associated privacy concerns. This dynamic may result in increased regulatory scrutiny in many countries. The delivery of cloud-based software and IT services also raises concerns about potential access to user data by governments that may use it to limit the citizens’ freedoms. Effective management in this area may reduce regulatory and reputational risks that may result in decreased revenues, reduced market share and increased regulatory actions involving potential fines and other legal costs.
Data Security
-
Data Security
Software & IT Services entities are targets of growing data security threats from cyberattacks, which puts their own data and their customers’ data at risk. Inadequate prevention, detection and remediation of data security threats may influence customer acquisition and retention and result in decreased market share and reduced demand for the entity’s products. In addition to reputational damage and increased customer turnover, data breaches also may result in increased expenses, commonly associated with remediation efforts such as identity protection offerings and employee training on data protection. Meanwhile, new and emerging data security standards and regulations may affect operating expenses through increased compliance costs. Additionally, entities in this industry may be well-positioned to capture revenue opportunities by providing secure software and services to meet the demand for ensuring data is kept secure.
-
Product Security
The hardware products and related software offered by entities in the Hardware industry may have vulnerabilities that expose consumers to data security threats. Therefore, hardware manufacturers must help ensure user data security. Such vulnerabilities may occur at any stage of a product lifecycle, including product design, the manufacturing supply chain, product distribution and the product’s use-phase. Entities in the industry unable to identify vulnerabilities may risk exposing consumer data to security threats and potentially eroding the trust of their customer base. Cybersecurity threats create both risks and opportunities for the Hardware industry, as effective product security may be a source of competitive advantage for entities, potentially increasing their sales and market share. Additionally, user concerns about data security and related government actions may also serve as revenue-generating opportunities for securing government contracts and providing security products.
Employee Engagement, Diversity & Inclusion
-
Recruiting & Managing a Global, Diverse & Skilled Workforce
Employees are important contributors to value creation in the Software & IT Services industry. Entities commonly find recruiting qualified employees to fill these positions difficult. A shortage in technically skilled employees can create intense competition to acquire highly skilled employees globally, contributing to high employee turnover rates. Some entities contribute to relevant education and training programmes to expand the availability of domestic, skilled employees. Entities offer significant monetary and non-monetary benefits to improve employee engagement and therefore retention and productivity. Initiatives to improve employee engagement and work-life balance may influence the recruitment and retention of a diverse workforce. Since the industry is characterised by relatively low representation from women and minority groups, efforts to recruit and develop globally diverse talent pools may address the talent shortage and improve the value of entity offerings. Greater workforce diversity is important for innovation and helps entities understand the needs of a diverse and global customer base.
-
Employee Diversity & Inclusion
Greater workforce diversity is important for innovation since it helps entities understand the needs of a diverse and global customer base, which results in the ability to design desirable products and communicate with customers effectively. Entities unable to attract and retain diverse talent may risk losing market share to competitors that successfully employ a staff capable of recognising the needs of diverse populations and capturing demand from segments of the population that have been traditionally overlooked. Furthermore, entities perceived as being more representative of a diverse, global customer base may increase brand loyalty which also may be a source of competitive advantage. Entities successful in recruiting and retaining a diverse and inclusive workforce also may achieve lower employee turnover rates, resulting in cost savings.
Product Design & Lifecycle Management
-
Product Lifecycle Management
Entities in the Hardware industry face increasing challenges associated with environmental and social externalities attributed to product manufacturing, transport, use and disposal. Rapid obsolescence of hardware products may worsen these externalities. Entities are designing more products with the entire lifecycle in mind. Specific considerations include energy efficiency of products, hazardous material inputs, and designing for and facilitating safe end-of-life disposal and recycling. Entities that prioritise designing and manufacturing products with improved environmental and social impacts may avoid costs associated with externalities, and they may be more likely to grow consumer demand and market share, while eliminating potentially harmful materials. Furthermore, entities that minimise environmental and social externalities of products may be less exposed to increasing regulation and costs, such as those related to extended producer responsibility.
Supply Chain Management
-
Supply Chain Management
Entities in the Hardware industry commonly have relatively narrow profit margins and remain competitive by relying on complex, global supply chains and outsourced production to electronics manufacturing services (EMS) entities. Because entities in the industry typically contract with suppliers in countries with lower direct costs, entities often manufacture products in countries that have limited labour regulations or enforcement protecting workers. Entities in the industry may have limited direct control over social and environmental standards in production, making management of this issue difficult. This dynamic may increase an entity’s exposure to reputational risks and impacts on short- and long-term costs and sales. Such effects may arise from increasing regulation and enforcement in response to high-profile safety or labour incidents, or through a shift in demand away from entities associated with such incidents. Entities that actively manage the impacts generated by the supply chain using supplier standards, monitoring and engagement may better protect shareholder value over the long term.
Materials Sourcing & Efficiency
-
Materials Sourcing
Entities in the Hardware industry rely on numerous critical materials as important inputs for finished products. Many of these inputs have few or no available substitutes and often are sourced from only a few countries, many of which may be subject to geopolitical uncertainty. Other sustainability impacts related to climate change, land use, resource scarcity and conflict in regions where the industry’s supply chain operates are also increasingly shaping the industry’s ability to source materials. Additionally, increased competition for these materials because of growing global demand from other sectors may result in price increases and supply risks. The ability of entities to manage potential material shortages, supply disruptions, price volatility and reputational risks is made more difficult by the practice of commonly sourcing materials from supply chains that may lack transparency. Failure to effectively manage sourcing may constrain access to necessary materials, reduce margins, impair revenue growth or increase costs of capital.
Competitive Behaviour
-
Intellectual Property Protection & Competitive Behaviour
Entities in the Software & IT Services industry spend a significant proportion of their revenues on IP protection, including acquiring patents and copyrights. Although IP protection is inherent to some entity business models and is an important driver of innovation, entities’ IP practices sometimes may be a contentious societal issue. Entities sometimes acquire patents and other IP protection to restrict competition and innovation, particularly if they are dominant market players. Because of software complexity, its abstract nature and increasing IP rights protection related to software, entities in the industry must navigate overlapping patent claims to operate. As a result, entities in the industry may find themselves constantly in litigation or subject to regulatory scrutiny either because of allegations of patent violations if they engage in unethical business practices, or are perceived as doing so, or because they engage in IP infringement litigation. Adverse legal or regulatory rulings related to antitrust and IP may expose entities in the industry to costly and lengthy litigations and potential monetary losses as a result. Such rulings also may affect an entity’s market share and pricing power if its patents or dominant position in important markets are challenged legally, with potentially significant effects on revenue. Therefore, entities that balance the protection of their IP and its use to spur innovation while ensuring their IP management and other business practices do not unfairly restrict competition, may reduce regulatory scrutiny and legal actions while protecting their market value.
Systemic Risk Management
-
Managing Systemic Risks from Technology Disruptions
With trends towards increased cloud computing and Software as a Service (SaaS), software and IT service providers must ensure they have robust infrastructure and policies in place to minimise disruptions to their services. Disruptions such as programming errors or server downtime may generate systemic risks, because computing and data storage functions move from individual entity servers in various industries to data centres of cloud-computing service providers. The risks are increased particularly if the affected customers are in sensitive sectors, such as financial institutions or utilities, which are considered critical national infrastructure. Entities’ investments in improving the reliability and quality of their IT infrastructure and services may attract and retain customers, thereby creating revenue and opportunities in new markets.