TechTarget and Informa Tech’s Digital Business Combine. Dark Reading Resource Library Black Hat News Omdia Cybersecurity Advertise NEWSLETTER SIGN-UP Cybersecurity Topics World The Edge DR Technology Events Resources APPLICATION SECURITY CYBERSECURITY OPERATIONS IDENTITY & ACCESS MANAGEMENT SECURITY CYBER RISK NEWS Top Cyber Industry Defenses Spike CO2 Emissions Organizations can improve their climate footprints by optimizing two specific cybersecurity protections, without incurring added risks. Nate Nelson, Contributing Writer February 11, 2026 5 Min Read SOURCE: MEDIACOLOR'S VIA ALAMY STOCK PHOTO Two specific areas of cybersecurity — backups and identity and access management (IAM) — are responsible for nearly half (45%) of the cybersecurity industry's climate impact. Though rarely discussed, like any other technologies, cybersecurity protections carry their own costs to the planet. Programs run on electricity. Servers demand water. Devices are built from natural resources and eventually get thrown out. Gérôme Billois, cybersecurity and digital trust partner at Wavestone, recalls seeing all kinds of sustainability movements in corporate settings and wondering why cybersecurity was never part of the conversation. "CISOs can help or make the situation worse [when it comes to] sustainability, depending on the way they write security rules," he says. "And that's why we started a study: to enable the CISO to be part of the sustainability process of his or her company, and to find actionable ways to reduce CO2 consumption while at the same time not adding more risks." Related:Warlock Gang Breaches SmarterTools Via SmarterMail Bugs At RSAC Conference in San Francisco next month, Billois is going to share the results of Wavestone's study into the relative climate impact of cybersecurity measures. Some of those results came as a surprise. The Climate Impact of Cybersecurity Protections In performing the study, Billois says, "We did a first phase theoretically, and then we did a second phase on-site within more than 10 very large companies and public organizations. We evaluated their cybersecurity systems to identify where there were the most climate consumptions, and then how to reduce them, very concretely." Going into the experiment, he and his colleagues had some guesses as to what might rank high on the list of climate impacts. Maybe company-issued devices would be a big contributor, especially those issued to contractors who probably don't need them. Encryption was another one of their hypotheses but, he recalls, "We discovered after speaking with cryptographers that the main [driver] for the last 50 years of cryptography has been to make encryption systems very efficient, very fast, very lightweight, mainly for performance reasons. And that has co-benefits that led to encryption finally having a low impact on CO2 emissions. Because if it's very lightweight, it will not produce a lot of CO2." In fact, the No. 1 most environmentally harmful category of cybersecurity technology is resilience, by some distance. That means backup servers and computers, and other measures taken to ensure redundancy of data, which together contributed approximately 29% of the studied organizations' cyber climate impact. Related:Shai-hulud: The Hidden Costs of Supply Chain Attacks The next closest category was IAM, at 16%. "It was quite a surprise, because we thought, it's a simple system: you have a simple database with all the identity of your users, then you have authentication, passwords, and things like that," Billois says. It turned out to be much bigger than they realized, for two main reasons. First, he says, "If you look at the IAM landscape within large organizations, often there are three, four, five identity systems. Why? Because there have been mergers and acquisitions, old systems, duplicate systems, and at the end it's a big mess." The second reason IAM stuck out in the data was because of hardware tokens, Billois says: "That causes huge consumption of CO2, because you have to build them, you have to have plastics, electronics, batteries." Other cybersecurity activities that contribute more than the average to climate change include event logging, penetration tests, vulnerability scans, patch management, and contractor workstations. Interestingly, despite all of the industry hubbub and vendor marketing gimmicks, ultra-power-consuming artificial intelligence (AI) made no discernible imprint on the study. "I think it will be very interesting to look at what is going to happen in the end of '26, maybe mid-27," Billois says, but, he notes, "I do not see many AI systems in cyber. So far, what I have seen deployed are quite low-impact, low-usage tools." Related:OpenClaw's Gregarious Insecurities Make Safe Usage Difficult Cybersecurity categories that incur less of a carbon footprint include: application security; email security; network technologies like segmentation, mapping, and anti-distributed denial of service (DDoS) tools; and data protections — including protections for data in transit and at rest, including cryptography. How to Make Cybersecurity Greener There are plenty of ways organizations can at least modestly reduce their carbon footprints, without having to compromise on cyber preparedness. For instance, the quickest policy shift organizations can implement tomorrow is not automatically giving third-party contractors dedicated workstations. CISOs can let contractors use their own machines, but still ensure their security by migrating to virtual desktop infrastructure (VDI). Logs meanwhile are an area where there's often room to cut back. "We collect a lot of logs, not exactly always knowing why, and the retention period is a huge cost in terms of infrastructure, and also CO2," Billois says. "So at some point, you can revisit your log collection, and log retention, and if there are no legal issues, you can think about compressing them to reduce their volume. It's something that is, I would say, quite easy to do. Even better: By consolidating IAM systems, some organizations might find they can cut back on emissions, costs, risks, and employee frustrations all at the same time. All of that said, unfortunately, the biggest cyber polluter, by far, is also the most difficult to scale back without incurring risk. Some companies can swap underutilized physical infrastructure for virtualized backups, which eat less power, if they're not already doing that; but there are few other great ways to make cyber resilience more efficient. "You can reduce CO2 [from backups] very easily: you stop buying two servers, or you stop having a duplicate of all your data," Billois says. "But regarding risk, it's not a good idea [to eliminate redundancy]. So for this one, we don't have a lot to do." About the Author Nate Nelson, Contributing Writer Nate Nelson is a journalist and scriptwriter. He writes for "Darknet Diaries" — the most popular podcast in cybersecurity — and co-created the former Top 20 tech podcast "Malicious Life." Before joining Dark Reading, he was a reporter at Threatpost. More Insights Industry Reports ThreatLabz 2025 Ransomware Report The Total Economic Impact™ Of Zscaler Private Access (ZPA) Zscaler ThreatLabz 2025 VPN Risk Report GigaOm Radar for CNAPP The Total Economic Impact™ of Google SecOps Access More Research Webinars Ransomware and the Supply Chain: A Fireside Chat with the CISOs Who Literally Wrote the Book on Third-Party Risk The Hidden AI Attack Surface: How GenAI Tools Expand Data Exposure Risk Beyond the Model: The Expanded Attack Surface of AI Agents AI-Powered Threat Hunting: Staying Ahead of Evolving Attack Patterns AI-Powered Cloud Security Posture Management More Webinars You May Also Like APPLICATION SECURITY Microsoft Drops Another Massive Patch Update by Jai Vijayan, Contributing Writer APR 08, 2025 APPLICATION SECURITY 'IngressNightmare' Vulns Imperil Kubernetes Environments by Jai Vijayan, Contributing Writer MAR 24, 2025 APPLICATION SECURITY It Takes Only 250 Documents to Poison Any AI Model by Jai Vijayan, Contributing Writer OCT 22, 2025 CYBERATTACKS & DATA BREACHES DeepSeek Breach Opens Floodgates to Dark Web by Emma Zaballos APR 22, 2025 Editor's Choice THREAT INTELLIGENCE EnCase Driver Weaponized as EDR Killers Persist byRob Wright FEB 5, 2026 4 MIN READ CYBERSECURITY OPERATIONS Extra Extra! Announcing DR Global Latin America byTara Seals FEB 4, 2026 2 MIN READ CYBER RISK TransUnion's Real Networks Deal Focuses on Robocall Blocking byJeffrey Schwartz FEB 9, 2026 2 MIN READ Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox. SUBSCRIBE Webinars Ransomware and the Supply Chain: A Fireside Chat with the CISOs Who Literally Wrote the Book on Third-Party Risk THURS, FEB 19, 2026 AT1PM EST The Hidden AI Attack Surface: How GenAI Tools Expand Data Exposure Risk ON-DEMAND WEBINAR Beyond the Model: The Expanded Attack Surface of AI Agents THURS, FEB 26, 2026 AT 1PM EST AI-Powered Threat Hunting: Staying Ahead of Evolving Attack Patterns THURS, FEB 12, 2026 AT 11AM ET AI-Powered Cloud Security Posture Management WED, FEB 18,2026 AT 1:00PM EST More Webinars White Papers The Threat Prevention Buyer's Guide FInd the best AI-driven threat protection solution to stop file-based attacks. Assessing Security Architectures: Zero Trust vs. Network-Centric Models 5 Steps to Stop Ransomware With Zero Trust 10 Ways a Zero Trust Architecture Protects Against Ransomware Why Removing Admin Rights Is the Key to Better Cyber Insurance Rates eBook Explore More White Papers GISEC GLOBAL 2026 GISEC GLOBAL is the most influential and the largest cybersecurity gathering in the Middle East & Africa, uniting global CISOs, government leaders, technology buyers, and ethical hackers for three power-packed days of innovation, strategy, and live cyber drills. 📌 BOOK YOUR SPACE Discover More Black Hat