3 Sustainability Issues Facing Software, Social, and Search

Software, social media, and search engine tools play a central role in our digital lives. These solutions deliver numerous benefits like ease of access to endless goods, services, and information, facilitating interpersonal connection, fostering innovation, driving business efficiencies, and providing a lifeline to many industries during the novel coronavirus pandemic.

However, as providers benefit from increasing uptake and reliance on such solutions, they must also grapple with myriad social and environmental risks affecting stakeholders. These include data privacy and security issues, product governance considerations, and the growing environmental footprint of cloud computing.

Despite these challenges, we don’t think the risks preclude long-term investment in the sector. While investors looking to integrate environmental, social, and governance risk factors into their analysis should consider the valuation implications of these issues, the relative price paid for the stock is also a critical factor.

Let’s dive more deeply into these risks.

Data Privacy and Security: Incidents Are High Profile, but Regulatory Risk Is the Most Material Concern

Data privacy and security risk is an issue many of us have come to live with. Not surprisingly, it is the primary ESG risk facing software, social media, and search engine providers. These companies are particularly exposed on account of their highly digitized operations and routine collection and processing of customers’ personal data through either voluntary disclosure or tracking devices. This presents both an attractive target for bad actors wishing to steal customer data or cause malicious activity and a lucrative dataset for Big Tech looking to monetize their offerings via targeted advertising.

As data volume and digitization have increased rapidly, so have the frequency and severity of data breaches along with associated costs. The rising risk profile faced by companies is typified by increasing cyber insurance premiums, with the cost of coverage in the United States more than doubling in the fourth quarter of 2021 alone. And research by IBM/Ponemon shows that data breaches are becoming both more costly for businesses and affecting higher volumes of data records. In the event of an incident, companies may face financial penalties, regulatory action, and reputational damage leading to lost business. In addition, firms may require increased expenditure to upgrade software, infrastructure, and personnel; provide customer remediation; and strengthen detection and response measures.

However, while data breaches and cybersecurity incidents are high-profile, the associated costs are unlikely to make a material dent for highly profitable, well-capitalized companies. In addition, the IBM/Ponemon 2022 Cost of a Data Breach Report shows that 60% of surveyed companies increased prices as a result of a data breach, implying that most companies typically do not bear the full cost of such incidents.

Instead, we view increasingly stringent regulation over the protection and privacy of customers’ personal information as the more material issue. This includes greater scrutiny of companies leveraging tracking technologies to collect customers’ data and inform targeted advertising, and a lack of transparency with customers on how data is being used.

This evolving regulation is leading to rising initial and ongoing compliance burdens, and, at the extreme, threatening the viability of existing business models and corporate strategy. The introduction of a sharper focus by regulators, and Apple getting ahead of more onerous regulation with tracking technology policies that handicap peers by limiting their ability to target and measure advertising has already had a revenue impact on companies like Snap and Meta Platforms. These measures are forcing companies to develop innovative advertising solutions that achieve attractive returns despite restrictions on tracking technologies.

Product Governance: Mission-Critical Software Faces Higher Exposure, and User Content Introduces Risk

Beyond data breaches, software failures can have significant real-world implications, especially when servicing critical infrastructure or vulnerable users in industries like transportation and healthcare. A failure to maintain adequate quality standards, deploy necessary software updates, and provide continuous availability could lead to disastrous consequences for users. This may range from disruptions to employee payroll and benefits administration, misleading tax filers, or, at the extreme, catastrophic events like plane crashes (as seen with Boeing’s 737 Max disasters) or impacts on patients’ health and safety. An example of this was the flawed rollout of electronic health record software Cerner (now owned by Oracle) at U.S. Veterans Affairs healthcare facilities. A series of faults resulted in mismanaged patient care, including incomplete orders and referrals, leading to numerous instances of patient harm.

In addition, while the likes of social media providers Meta Platforms and YouTube (subsidiary of Alphabet) are exempt from legal liability for content users post on their respective platforms under Section 230 of the Communications Decency Act, the potential dispersion of false, discriminatory, or offensive content raises reputational risk and may dilute the quality or appeal of the platforms themselves. To address this, these firms are drawing their own lines on what is deemed acceptable content and implementing screening and review processes. However, this is not without controversy and has led to both backlash for companies being viewed as too reactive or, conversely, accusations of overzealous censorship of content.

Environmental Risks: Energy Intensive Data Centers, and Physical Climate Change Risks Are Important Considerations

Finally, investors should consider the environmental risks tied to software, social media, and search engine tools.

As uptake of such solutions continues to increase, so does demand for the infrastructure required to support it. While the concept of cloud computing sounds almost ephemeral, this industry is highly resource-intensive and supported by an intricate web of physical and technical infrastructure like servers, cables, air conditioning units, water pipes, and generators required to power our digital lives.

The energy intensity of data centers required to run solutions exposes companies to carbon or other resource pricing mechanisms that aim to internalize environmental costs. The systematic implementation of such policies would likely lead to higher data-center-related expenses.

Despite advancements in energy efficiency and a push by hyperscale data center owners like Amazon.com, Alphabet, and Meta Platforms to decarbonize operations, data centers required to deliver solutions remain carbon-intensive. As of 2022, the carbon footprint of the cloud computing industry surpassed the global airline industry, and some pessimistic studies suggest the broader information and communications technology industry could account for 14% of the world’s carbon footprint by 2040, up from 2% in 2018. Data centers also contribute to noise pollution and e-waste and require high volumes of water for cooling purposes and electricity generation, exposing companies reliant on data storage to water risks, including water shortages and water restrictions.

However, while rising carbon emissions from Big Tech providers may seem like a cause for concern, it is important to consider that this is partly driven by other companies moving workloads from less-energy-efficient data centers to cutting-edge hyperscale facilities. All else equal, companies transitioning to more energy-efficient and scalable server architecture are reducing carbon intensity, as well as their exposure to pricing risk.

Nonetheless, with continued uptake of software, social media, and search engine solutions, as well as energy-intensive emerging technologies like artificial intelligence and machine learning, the cloud computing industry must grapple with rising energy demand from higher workloads.

In addition, volatile weather conditions also pose a risk to the physical infrastructure required to run solutions. This was illustrated in July 2022 when Alphabet and Oracle’s respective London-based data centers went offline because of cooling failures amid record heat waves, resulting in system outages for both local and international clients. With extreme weather events expected to become more frequent, these firms face higher risk of operational disruption that could negatively affect system availability and the ability to deliver uninterrupted solutions to customers.

Incorporating ESG Risk Into The Investment Decision

While ESG risks are important considerations, we recommend investors focus on the probability-weighted materiality of these risk factors in the context of a company’s competitive positioning, in conjunction with an assessment of price versus valuation.

Companies with economic moats, which consists of about three fourths of our relevant coverage, or those offering products with no or few viable alternatives, are best placed to minimize the financial materiality of exposure to the aforementioned risks. Such durable competitive advantages can provide earnings protection either through pricing power, allowing companies to pass on higher costs, or customer switching costs and powerful network effects, which reduce the risk of customer attrition.

There are two such examples we’d call out:

• Engineering software company Ansys, currently trading in 4-star territory. The company benefits from significant customer switching costs stemming from the risk of severe engineering or design failures in the absence of using the software, and the time required to train engineers on an alternative solution. In the highly unlikely event of a severe software malfunction, we expect these switching costs will provide some protection to Ansys’ earnings and reduce customer attrition.
• Meta Platforms earns a Morningstar Economic Moat Rating of wide and currently trades in 5-star territory. Meta’s network effect moat source has supported the company’s ability to achieve continued user base growth and maintain user engagement despite its high-profile data privacy and security issues. Even though the firm’s ability to target users directly is diminished owing to tighter privacy regulation and Apple’s tracking technology policies, we expect this network effect should help the company maintain healthy engagement levels from its massive user base and continue to attract demand from advertisers seeking a captive audience.