Key Takeaways
- 3.0% of total corporate greenhouse gas emissions are estimated to come from the use of purchased products and services (Scope 3 category 1) in the U.S. EPA inventory context—important for software supply chain and security services lifecycle accounting.
- 48% of companies report Scope 1 emissions, 38% report Scope 2, and 19% report Scope 3 in CDP’s 2023 global reporting framework results for corporate climate disclosures.
- 65% of enterprises say they lack the data or tooling to calculate the carbon footprint of the applications they run (2023/2024 survey evidence in enterprise sustainability analytics research).
- 45% of data centers worldwide use renewable energy in some form (direct contracts and/or procurement), based on 2023–2024 availability and reporting in international data center sustainability benchmarks.
- The IEA estimates that electricity consumption by data centers and networks will nearly triple between 2022 and 2030 (from 2022 baseline to 2030), implying rising emissions unless efficiency and clean power scale.
- The US EIA reports that electricity generation and consumption data can be used to quantify operational energy-related emissions for IT infrastructure; the EIA’s electricity data series provides the basis for Scope 2 emissions calculations.
- 65% of organizations say sustainability is a factor in cloud provider selection, according to a 2023–2024 vendor and enterprise cloud sustainability survey evidence compiled by industry analyst publications.
- CIS Controls v8 includes the ‘Continuous Vulnerability Management’ practice that can reduce repeated scans and remediation cycles when implemented with change-aware scheduling (reducing resource use while maintaining security coverage).
- Google’s SRE/production engineering practices emphasize error budgets and reliability; while not cybersecurity-specific, reliability improvements reduce incident-driven compute waste—often measured by reduced outages and rollbacks in operations.
- The same IBM report states that the average time to identify a breach was 204 days (2023), which increases the duration of active incident response and containment activities.
- In Verizon DBIR 2023, 74% of breaches involved human element tactics, indicating that targeted security training can reduce repeated incident-response cycles (percent distribution used for risk prioritization).
- CISA’s guidance on Zero Trust Architecture emphasizes continuous evaluation and automation of policy decisions to improve security effectiveness per control execution (measurable configuration objectives).
- NIST SP 800-218 Zero Trust Architecture defines measurable attributes and continuous diagnostics/mitigation; it supports efficient enforcement with policy automation.
- NIST SP 800-137 Information Security Continuous Monitoring defines continuous monitoring processes intended to replace periodic assessments, potentially reducing repetitive assessment compute and administrative overhead.
- 60% of organizations report that they track energy usage in their data centers, enabling sustainability measurement practices that cybersecurity providers can leverage for reporting and optimization
Most organizations still lack tools for carbon and energy accounting, so scaling secure cloud and incident response sustainably is critical.
Related reading
- Sustainability In IndustrySustainability In The Cybersecurity Industry Statistics
- Sustainability In IndustrySustainability In The Cloud Computing Industry Statistics
- Sustainability In IndustrySustainability In The Motion Picture Industry Statistics
- Sustainability In IndustrySustainability In The Big Data Industry Statistics
01 · Category
Measurement & Reporting5 stats
Measurement & Reporting Interpretation
02 · Category
Energy & Emissions7 stats
Energy & Emissions Interpretation
03 · Category
Procurement & Operations5 stats
Procurement & Operations Interpretation
04 · Category
Financial & Risk2 stats
Financial & Risk Interpretation
More related reading
05 · Category
Automation & Efficiency5 stats
Automation & Efficiency Interpretation
06 · Category
Industry Trends7 stats
Industry Trends Interpretation
07 · Category
User Adoption1 stats
User Adoption Interpretation
08 · Category
Performance Metrics2 stats
Performance Metrics Interpretation
Cite This Report
This report is designed to be cited. We maintain stable URLs and versioned verification dates. Copy the format appropriate for your publication below.
Stefan Wendt. (2026, February 13). Sustainability In The Cyber Security Industry Statistics. Gitnux. https://gitnux.org/sustainability-in-the-cyber-security-industry-statistics
Stefan Wendt. "Sustainability In The Cyber Security Industry Statistics." Gitnux, 13 Feb 2026, https://gitnux.org/sustainability-in-the-cyber-security-industry-statistics.
Stefan Wendt. 2026. "Sustainability In The Cyber Security Industry Statistics." Gitnux. https://gitnux.org/sustainability-in-the-cyber-security-industry-statistics.
Sources & references
34 datasets cited across this report · attribution is report-level
+6 additional datasets cited (not shown individually)

