As digitalization accelerates, cybersecurity has become a core issue in corporate governance and ESG implementation, yet systems for evaluating it quantitatively remain immature. This article aims to establish a quantitative cybersecurity evaluation system aligned with the ESG concept, in order to improve corporate governance structures and raise the level of cybersecurity management. The research uses the Analytic Hierarchy Process (AHP) to determine the indicator weights and performs the quantitative assessment by classifying severity levels and applying a segmented scoring rule. Three types of adjustment factors (personnel scale, asset scale and industry attributes) are introduced to calibrate the results. The resulting evaluation system comprises five primary indicators (breach threats, data leakage, security configuration, applications and components, and security incidents) and 18 secondary indicators. The system can scientifically measure the network security status of enterprises and addresses the gap in existing research on integrating network security with ESG, providing quantitative tools and theoretical support for enterprise network security management and academic research.
Kang et al. studied this question.
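The AHP weighting step named in the abstract, as an added example that is not code from the paper: it derives weights for the five primary indicators from a pairwise comparison matrix and applies Saaty's consistency-ratio check. The pairwise judgments are constructed for illustration, and the row geometric-mean approximation of the priority vector is an assumption, since the abstract does not say which method the authors used.

```python
import math

# The five primary indicators named in the abstract.
INDICATORS = ["breach threats", "data leakage", "security configuration",
              "applications and components", "security incidents"]

# Saaty's random consistency index (RI) by matrix order.
RANDOM_INDEX = {1: 0.0, 2: 0.0, 3: 0.58, 4: 0.90, 5: 1.12, 6: 1.24, 7: 1.32}

# Constructed judgments (NOT from the paper) on Saaty's 1-9 scale:
# UPPER[(i, j)] says how much more important indicator i is than j.
UPPER = {(0, 1): 1, (0, 2): 3, (0, 3): 3, (0, 4): 2,
         (1, 2): 3, (1, 3): 3, (1, 4): 2,
         (2, 3): 1, (2, 4): 1 / 2,
         (3, 4): 1 / 2}


def build_matrix(upper, n):
    """Expand upper-triangle judgments into a full reciprocal matrix."""
    m = [[1.0] * n for _ in range(n)]
    for (i, j), v in upper.items():
        if not 0 <= i < j < n or v <= 0:
            raise ValueError(f"bad judgment {(i, j)} -> {v}")
        m[i][j] = float(v)
        m[j][i] = 1.0 / v  # reciprocity: a_ji = 1 / a_ij
    return m


def ahp_weights(matrix):
    """Return (weights, lambda_max, consistency_ratio) for a reciprocal matrix."""
    n = len(matrix)
    # Row geometric means, normalised to sum to 1, approximate the priority vector.
    gm = [math.prod(row) ** (1.0 / n) for row in matrix]
    weights = [g / sum(gm) for g in gm]
    # lambda_max estimated as the mean of (A.w)_i / w_i.
    aw = [sum(a * w for a, w in zip(row, weights)) for row in matrix]
    lam = sum(x / w for x, w in zip(aw, weights)) / n
    ci = (lam - n) / (n - 1) if n > 1 else 0.0
    ri = RANDOM_INDEX[n]
    return weights, lam, (ci / ri if ri else 0.0)


def is_consistent(cr, threshold=0.10):
    """Saaty's rule of thumb: judgments are acceptable when CR < 0.10."""
    return cr < threshold


if __name__ == "__main__":
    w, lam, cr = ahp_weights(build_matrix(UPPER, len(INDICATORS)))
    for name, weight in zip(INDICATORS, w):
        print(f"{name:30s} {weight:.3f}")
    print(f"lambda_max={lam:.3f} CR={cr:.4f} consistent={is_consistent(cr)}")
```

A consistency ratio at or above 0.10 means the expert judgments contradict one another and should be revisited before the weights feed any scoring.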