SecureWorks Corp. (SCWX): PESTLE Analysis [Nov-2025 Updated]

You're looking for a clear, no-nonsense assessment of SecureWorks Corp. (SCWX) through the PESTLE lens. The direct takeaway is that the company's success hinges almost entirely on the rapid, profitable scaling of its Taegis platform within a hyper-regulated and economically cautious global market. Here's the quick math: SecureWorks is moving from a legacy services model to a high-growth software model, and the external environment is amplifying both the risk and the opportunity, especially as Taegis Annual Recurring Revenue (ARR) is projected to exceed $350 million by the end of fiscal year 2025. We need to see if the political mandates and talent shortages can outpace the macroeconomic slowdown and fierce technological competition.

SecureWorks Corp. (SCWX) - PESTLE Analysis: Political factors

The political landscape in 2025 presents a clear, dual-sided dynamic for SecureWorks Corp. (SCWX): a massive, stable market opportunity driven by government spending and regulatory mandates, but also significant operational risk from escalating geopolitical tensions.

You need to understand that government action is the single biggest accelerator for the cybersecurity market right now. It mandates demand and provides a high-value, sticky customer base. SecureWorks, now part of Sophos as of early 2025, is well-positioned, holding key contracts like the GSA Multiple Award Schedule (MAS) and NASA SEWP V (Solutions for Enterprise-Wide Procurement). That's a direct route to federal, state, and local budgets.

Increased government scrutiny on cyber resilience and reporting, like the SEC's new disclosure rules.

The US Securities and Exchange Commission (SEC) has fundamentally changed the compliance cost structure for public companies, which are SecureWorks' primary customers. The new rules, fully effective in 2024-2025, force a shift from reactive security to proactive, board-level cyber governance.

This is a huge tailwind for SecureWorks' Taegis platform and its professional services, which help clients meet these stringent requirements. The core mandate is rapid incident reporting: a material cybersecurity incident must be disclosed on Form 8-K within four business days of determining materiality. Failure to comply can result in substantial penalties, with fines reaching up to $35 million for false or missing disclosures. This pressure means companies must invest in 24/7 Managed Detection and Response (MDR) services, which is SecureWorks' specialty.

Here is the quick math on the regulatory impact:

Geopolitical tensions drive higher defense spending, which includes cybersecurity budgets for critical infrastructure.

Geopolitical instability, particularly the alignment of nation-state actors like China, Russia, Iran, and North Korea, has made cyber defense a national security priority. This translates directly into government spending that flows to companies like SecureWorks.

The US government's commitment to cyber resilience is clear in its fiscal year 2025 (FY2025) budget requests:

• The total US Federal Budget for FY2025 allocates $13 billion in cybersecurity funding across civilian departments and agencies.
• The Cybersecurity and Infrastructure Security Agency (CISA) has a total FY2025 budget of $3 billion, with approximately $1.7 billion dedicated to cybersecurity efforts for critical infrastructure.
• A significant portion of this CISA funding, $469.8 million, is earmarked for the Continuous Diagnostics and Mitigation (CDM) program, a key federal initiative.

This massive investment creates a stable, high-value market for security services that align with federal standards like NIST (National Institute of Standards and Technology) and FISMA (Federal Information Security Modernization Act), which SecureWorks explicitly supports.

US-China tech rivalry complicates supply chain security and international sales for US-based vendors.

The rivalry between the US and China is a double-edged sword. While it drives domestic spending (a positive), it introduces complexity and risk for global operations (a negative). SecureWorks' own threat intelligence reports for 2025 highlight the continuation of 'Chinese compromises'.

The political environment mandates extreme caution regarding supply chain risk, especially for a US-headquartered technology company. The US government is actively targeting the long-term infiltration model favored by advanced actors like China's Volt Typhoon campaign, which pre-positions disruptive capabilities inside critical infrastructure. This means SecureWorks must invest heavily in supply chain security and demonstrate its products are compliant with evolving national security standards, which adds to operational costs. Plus, international revenue represented approximately 34% of SecureWorks' revenue in fiscal 2023, and escalating tensions could complicate future sales and operations in certain foreign markets.

Government contracts and compliance mandates create a stable, high-value market for security services.

SecureWorks has successfully leveraged the stability of public sector spending. The company is an approved vendor on key US federal and state procurement vehicles, which streamlines the sales process and locks in long-term revenue streams.

Their participation in contracts like the GSA MAS, NASA SEWP V, and various state-level cooperative purchasing contracts (like NASPO ValuePoint, which extends to many states) ensures they are a go-to provider for public sector entities, from federal agencies to local school districts. This compliance-driven market is less price-sensitive than the commercial sector because the cost of non-compliance-especially under the new SEC rules-is so high. The government's need for security services will only grow, defintely making this a resilient revenue channel.

SecureWorks Corp. (SCWX) - PESTLE Analysis: Economic factors

Global inflation and interest rate uncertainty temper overall enterprise IT spending growth in 2025.

You are operating in a paradoxical economic environment where overall enterprise IT spending is growing, but caution still reigns. Worldwide IT spending is projected to total $5.43 trillion in 2025, an increase of 7.9% from 2024. That's a strong headline number, but the details matter for Secureworks.

The 'uncertainty pause' driven by global macroeconomic uncertainties and high interest rates is causing Chief Information Officers (CIOs) to strategically suspend or postpone net-new spending on certain projects. This pause is slowing the growth rate of the broader software and IT services segments, which are core to Secureworks' market. Still, spending on AI-related infrastructure, like data center systems, is surging by an expected 42.4% in 2025, which provides a tailwind for the Taegis platform's cloud-native architecture. Your challenge is converting that underlying infrastructure investment into security platform adoption.

Here's the quick math on the broader IT market segments for 2025:

Source: Gartner (July 2025)

Taegis Annual Recurring Revenue (ARR) is the key metric, projected to exceed $350 million by the end of fiscal year 2025.

The real focus must be on Taegis Annual Recurring Revenue (ARR) as the company continues its pivot away from its legacy Managed Security Services (MSS) business. As of the end of the third quarter of fiscal year 2025 (Q3 FY25), Secureworks' total ARR stood at $288.8 million, representing a 4% year-over-year increase.

Management's updated guidance for the full fiscal year 2025 projects total ARR to be $300 million or greater. While that is a strong indicator of the transition's success, it is still short of the more ambitious $350 million mark, which was likely an earlier or external analyst target. The company's ability to accelerate Taegis ARR growth beyond the recent 4-6% quarterly year-over-year growth rate is defintely critical for its valuation, especially considering the pending acquisition by Sophos.

The shift to subscription models (SaaS) provides predictable revenue but demands high upfront investment in R&D.

The shift to a Software-as-a-Service (SaaS) model with the Taegis platform is fundamentally sound, offering the predictable revenue streams investors love. However, this model front-loads costs, requiring significant and ongoing investment in Research and Development (R&D) to maintain a competitive edge. Secureworks is managing this trade-off well, leveraging automation and Artificial Intelligence (AI) within its cloud architecture.

This investment is paying off in efficiency: the non-GAAP gross margin for Taegis expanded to 74.9% in Q3 FY25, up from 72.7% in the same quarter last year. This margin expansion, driven by operational efficiencies, is crucial for achieving the full-year FY25 Adjusted EBITDA guidance, which is expected to be between $6 million and $12 million. That's a massive turnaround from the Adjusted EBITDA loss of $1.2 million in Q3 FY24.

Economic downturns can increase demand for cost-effective Managed Extended Detection and Response (MXDR) solutions over in-house teams.

In a cautious economic climate, companies scrutinize every dollar. This environment actually creates a strong opportunity for Secureworks' Managed Extended Detection and Response (MXDR) solutions. When budgets tighten, the cost of maintaining a 24/7 in-house security operations center (SOC) with highly-paid, scarce talent becomes prohibitive.

The Taegis platform allows customers to 'streamline spend, reduce risk,' making a compelling cost-effectiveness argument. Outsourcing to a managed solution like Taegis ManagedXDR Plus or Elite, which leverages AI and automation, is often a more financially responsible choice than a full-time internal team. This dynamic positions Secureworks as a necessary, cost-optimized security expenditure, rather than a discretionary IT project, in an economic slowdown.

Currency fluctuations impact revenue from international markets, which account for a significant portion of sales.

Secureworks is a global company, serving customers in over 50 countries, with international revenue historically representing a substantial portion of its total sales. For example, international revenue-defined as revenue contracted through non-U.S. entities-represented approximately 34% of total revenue in fiscal year 2023. While the exact percentage for FY25 is not yet finalized, this high exposure means the company's reported U.S. dollar revenue is highly sensitive to foreign currency exchange rate volatility, especially against the British Pound, Japanese Yen, and Canadian Dollar, where the company has a strong presence.

Currency risk is a constant drag on reported results, particularly when the U.S. dollar strengthens. This impact is a critical factor for investors to consider when evaluating the company's growth, as strong operational performance in a foreign market can be negated by unfavorable currency translation on the income statement.

• International revenue was approximately 34% of total revenue in FY23.
• Customers are served across 75+ countries, with key international markets including the United Kingdom, Japan, Australia, and Canada.
• The company explicitly cites volatility in foreign currency exchange rates as a risk that can negatively impact financial condition and operating results.

SecureWorks Corp. (SCWX) - PESTLE Analysis: Social factors

You're operating in a cybersecurity market defined by a critical talent deficit and a fundamentally changed work environment. The biggest social factor impacting SecureWorks right now isn't just about customer behavior; it's about the scarcity of the human capital needed to fight threats. This shortage, coupled with the security risks of remote work, creates a massive, non-negotiable demand for the Managed Detection and Response (MDR) services that SecureWorks' Taegis platform provides.

Severe global shortage of skilled cybersecurity professionals drives demand for managed services like Taegis MXDR.

The global cybersecurity workforce gap is a structural problem that SecureWorks directly addresses. As of late 2025, the world faces a shortfall of approximately 4.8 million cybersecurity professionals, an increase of about 19% year-over-year. This isn't a pipeline issue that fixes itself quickly; the current workforce needs to grow by an estimated 87% just to meet global demand. Honestly, most enterprises simply cannot hire and retain the staff required to run a 24/7 security operations center (SOC).

This reality is why Managed Detection and Response (MDR) has become a core business imperative, not a luxury. By 2025, it is expected that 50% of organizations will utilize MDR services for threat monitoring, detection, and response functions. SecureWorks' Taegis ManagedXDR platform is positioned to capture this demand by offering a cloud-native solution that effectively outsources the talent problem. You are selling a solution to a labor crisis.

Increased remote and hybrid work models expand the attack surface, necessitating cloud-native security solutions.

Remote work is no longer a temporary measure; it's the new normal, and it has fundamentally fractured the traditional network perimeter. In 2025, roughly 42% of employees log in remotely at least once a week, significantly widening the attack surface to include unsecured home networks and personal devices. This shift creates real, measurable risk for your customers.

Here's the quick math on the risk: 78% of organizations reported at least one security incident linked to remote work in 2025, and the average cost of a remote work-related breach rose to $4.56 million. The reliance on cloud-native security solutions is therefore a necessity, not an option. Taegis XDR, as a cloud-native platform, is designed to provide detection and response across endpoints, network, and clouds, which is exactly what a distributed workforce requires. The fact that 57% of enterprise networks showed increased exposure to vulnerabilities due to remote access in 2025 highlights the urgency. You need a solution that follows the data, not the office building.

Growing public awareness of data breaches erodes customer trust, making security a high-priority C-suite issue.

The social contract between a company and its customers now includes an expectation of data security. When that contract breaks, the financial and reputational damage is severe. The fact that 74% of organizations reported a customer trust impact after remote-related security incidents in 2025 shows how quickly a breach can become a public relations disaster.

Cybersecurity has moved from the IT department to the boardroom. The World Economic Forum's Global Cybersecurity Outlook 2025 found that only 14% of organizations have the necessary skilled talent to meet their cybersecurity objectives, which means the C-suite is acutely aware of its exposure. A security breach now costs more than just cleanup; more than half (52%) of organizations surveyed say breaches cost them more than $1 million. SecureWorks' ability to provide rapid, expert response and continuous threat hunting via Taegis is a direct answer to the C-suite's need to protect brand equity and customer confidence.

Focus on diversity and inclusion in the tech workforce affects talent acquisition and retention strategies.

In a talent-scarce industry like cybersecurity, diversity, equity, and inclusion (DEI) is a competitive advantage, not just a compliance checkbox. Diverse companies are 70% more likely to capture new markets, which is critical for a global platform like Taegis. SecureWorks, now a Sophos company, must continue to prioritize these efforts, especially given the significant workforce reduction of 29.46% (down to 1,516 employees as of February 2, 2024) following the acquisition, which affects morale and talent perception.

The company has made progress, but the tech industry still has work to do. Based on the Fiscal Year 2024 Social Impact Report (using 2023 data), SecureWorks reported that 34% of its global workforce were women, and 17% of its U.S. employees were Underrepresented Minorities (URM). The focus must be on maintaining and accelerating these metrics, as 70% of IT decision makers have structured recruiting initiatives targeting women. Talent acquisition and retention are directly tied to a visible, authentic commitment to inclusion.

• Attract and retain talent in a competitive market.
• Drive innovation through varied perspectives.
• Improve market capture: Diverse companies are 70% more likely to enter new markets.
• Mitigate attrition risk, especially post-acquisition.

SecureWorks Corp. (SCWX) - PESTLE Analysis: Technological factors

Rapid integration of Artificial Intelligence (AI) and Machine Learning (ML) into XDR platforms is a competitive necessity.

You can't talk about cybersecurity in 2025 without starting with Artificial Intelligence (AI) and Machine Learning (ML); it's the core engine for modern Extended Detection and Response (XDR) platforms. Secureworks' ability to scale and maintain margin hinges directly on its AI capabilities within the Taegis platform. They are defintely leaning into this, using hundreds of AI models that leverage a massive, proprietary data set for automated threat detection and prioritization. This focus isn't just marketing; it translates to real operational efficiency for the Security Operations Center (SOC).

Here's the quick math on the efficiency gains: Secureworks reports that the use of AI has reduced investigation times by more than 50% and saved analysts approximately 90% of the time it takes to write up investigations, accelerating response. The platform ingests over 780 billion daily security data events, and this volume requires machine speed to process. This operational leverage is a key reason why the Taegis non-GAAP gross margin continued to expand, reaching approximately 75% in the third quarter of fiscal year 2025. You need that kind of margin expansion to fund the next wave of innovation.

Taegis platform must maintain a technological edge against consolidating rivals like CrowdStrike and Palo Alto Networks.

The XDR market is a platform war, and Taegis is fighting giants. The competitive landscape is consolidating rapidly, with rivals like CrowdStrike and Palo Alto Networks pushing their own AI-native, single-platform narratives. For context, CrowdStrike is projecting a massive scale, with analysts estimating their FY27 Annual Recurring Revenue (ARR) to be around $6.32 billion, dwarfing Secureworks' expected total ARR of $300 million or greater for its full fiscal year 2025. That's a huge gap.

The acquisition of Secureworks by Sophos, which closed in February 2025 for approximately $859 million, fundamentally changes the technological calculus. This merger provides Taegis with a much larger distribution channel and a deeper product portfolio. The planned native integration of Sophos Endpoint with Taegis XDR and Managed Detection and Response (MDR) subscriptions, set for September 2025, is a critical technological step to compete on feature parity and ecosystem breadth. It's a necessary move to gain the scale needed to challenge the market leaders.

The shift to cloud-native security and Security Operations Center (SOC) modernization is a major driver of customer adoption.

The market has decisively moved away from legacy, on-premise security information and event management (SIEM) tools. Customers want a cloud-native platform that can handle the volume and velocity of modern data, and Secureworks has positioned Taegis as exactly that. Being cloud-native allows for the elastic scalability needed to process the more than 5 trillion events weekly the platform handles, a key selling point for large enterprises.

The modernization of the SOC experience is also paramount. Taegis is designed for full transparency, meaning both the customer and the Secureworks SOC analysts work within the exact same platform interface. This collaborative model, plus the commitment to provide 24x7 live SOC team support access in less than 90 seconds via in-console chat, is a clear differentiator for companies struggling with talent gaps. This streamlined experience is what drives customer stickiness and adoption of XDR (Extended Detection and Response).

Proliferation of IoT and Operational Technology (OT) devices expands the required scope of detection and response.

The convergence of IT and Operational Technology (OT) networks is a massive risk and a major technological opportunity. Industrial environments-manufacturing, energy, utilities-are becoming primary targets, and the security platform must extend its visibility. This isn't a niche problem; 75% of all OT attacks now start as a breach on the IT network, according to industry data.

Secureworks has responded by integrating OT security capabilities, offering a dedicated Managed Detection and Response (MDR) for OT solution. This is crucial because the stakes are incredibly high: the industrial sector saw the average cost of a data breach rise by $830,000 per incident in 2024. The Taegis platform addresses this by offering:

• Unifying protection across both IT and OT environments.
• Integrating with core OT toolsets like Dragos, SCADAfence, and Claroty.
• Providing collaborative build-out of IT and OT escalation processes and playbooks.

You need a platform that can speak both IT and OT languages, or you're leaving a massive, high-cost vulnerability open. The ability to monitor and respond across this converged attack surface is a non-negotiable technological requirement for the 2025 enterprise market.

SecureWorks Corp. (SCWX) - PESTLE Analysis: Legal factors

Stricter data privacy regulations (e.g., GDPR, CCPA, and emerging global equivalents) increase compliance complexity.

You are operating in a world where data privacy is no longer a suggestion; it's a massive legal and financial liability. For a company like SecureWorks, whose core business is managing customer data to detect threats, the patchwork of global and US state regulations is a constant operational headache. The European Union's General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA), along with their emerging equivalents, mean your clients face staggering non-compliance costs, which directly drives demand for SecureWorks' compliance-focused services.

Here's the quick math on the risk: The cost of non-compliance for businesses averages $14.82 million, which is nearly three times the cost of compliance itself. You defintely want to avoid that. GDPR fines can reach up to €20 million or 4% of annual global turnover, whichever is higher. Plus, the US regulatory environment is becoming more fractured, with the number of states having comprehensive privacy laws set to reach 20 by the end of 2025, adding layers of complexity for multi-state clients.

• Non-compliant breach cost: $14.82 million average.
• Maximum GDPR fine: €20 million or 4% of global revenue.
• US states with comprehensive privacy laws by end of 2025: 20.

New SEC rules mandate timely and material cyber incident disclosure, raising the legal stakes for clients and vendors.

The U.S. Securities and Exchange Commission (SEC) has fundamentally changed the game for public companies, forcing cybersecurity to the boardroom and making it a material financial disclosure issue. The new rules, fully in effect for the 2025 fiscal year, require public companies to disclose a material cybersecurity incident on a Form 8-K within four business days of determining materiality. This tight window is a huge pressure point for your clients, and it's a clear opportunity for SecureWorks' Managed Detection and Response (MDR) services.

The new requirement forces immediate, high-stakes decisions under pressure. We are already seeing a trend where companies are disclosing non-material incidents under the voluntary Item 8.01 of Form 8-K to demonstrate transparency and diligence. Out of 41 companies that filed an 8-K for a cyber incident since April 2024, only 15 did so under the mandatory material Item 1.05. This shows that the SEC rules are driving a culture of continuous monitoring and rapid response, which is exactly what SecureWorks' Taegis platform is built to deliver.

Intellectual property (IP) litigation risk is high in the competitive XDR/SaaS security space.

The Extended Detection and Response (XDR) and Security-as-a-Service (SaaS) market is a technological arms race, and the courtroom is the second front. Intellectual property is the key differentiator, making patent litigation a persistent and high-cost risk. In the technology sector, nearly half (46%) of companies that saw their IP exposure grow in the last year reported greater vulnerability to patent disputes. The stakes are immense, particularly as AI and machine learning become embedded in XDR platforms like Taegis.

This is not a theoretical risk; it is an active battleground. For instance, in a 2025 case, CrowdStrike, Inc. v. GoSecure, Inc., the Patent Trial and Appeal Board was actively reviewing the institution of two Inter Partes Review (IPR) proceedings regarding GoSecure's patent claims, demonstrating the aggressive use of legal tools to challenge competitors' core technology in the security space. SecureWorks must continually invest in its own patent portfolio while also building its platform to be demonstrably non-infringing against rivals.

Contractual liability for breaches and service level agreements (SLAs) are becoming more stringent.

As a managed security service provider (MSSP), SecureWorks' legal exposure is directly tied to the performance of its service level agreements (SLAs). Clients are demanding more stringent contractual language, including higher indemnification caps and clearer performance metrics, to shield themselves from the financial fallout of a breach. They want their vendors to share the risk.

The average cost of a data breach is a concrete number that drives these negotiations, hovering around $4.88 million per incident. When a client signs a contract for 24/7 MDR, they are essentially buying a shield against this cost. Therefore, SecureWorks' contracts must carefully define the scope of liability, especially around critical metrics like mean time to detect (MTTD) and mean time to respond (MTTR). Disputes over license agreements and indemnification clauses are a core litigation trend for 2025, as companies seek to reduce their risk exposure in the face of escalating cyberattacks.

SecureWorks Corp. (SCWX) - PESTLE Analysis: Environmental factors

Growing pressure from investors for robust Environmental, Social, and Governance (ESG) reporting, especially from Dell Technologies.

You can't ignore the ESG mandate anymore; it's a core financial risk, not just a public relations exercise. SecureWorks Corp. operates under the shadow of its majority owner, Dell Technologies, which faces intense scrutiny from institutional investors like BlackRock on its sustainability performance. Dell Technologies has set an aggressive target to achieve net-zero greenhouse gas (GHG) emissions across its entire value chain (Scopes 1, 2, and 3) by 2050. This commitment forces SecureWorks to align its own operations, even as a separate public company.

For Fiscal Year 2025 (FY25), Dell Technologies reported a total energy consumption of 992 million kWh and an increase in renewable electricity consumed to 565 million kWh. While these numbers are for Dell, they set the benchmark and the expectation for SecureWorks' own disclosure and performance. Investors are defintely asking how SecureWorks' cloud-native platform contributes to, or detracts from, the parent company's overall carbon footprint, making transparent ESG reporting a near-term necessity.

The energy consumption of large-scale cloud infrastructure (Taegis platform) requires a clear sustainability strategy.

The Taegis platform is SecureWorks' core product, built on a massive, scalable cloud architecture that processes over 5 trillion events weekly. This scale is powerful for security, but it carries a significant energy cost, even if the actual data centers are managed by hyperscalers like Amazon Web Services or Microsoft Azure. The sustainability strategy here shifts from owning the power plant to optimizing the software.

SecureWorks' financial results show the benefit of this efficiency focus. In the third quarter of FY25, the non-GAAP Taegis gross margin expanded to 74.9%, a direct result of 'efficiencies gained from our ongoing use of automation, AI, and scalable cloud architecture.' That's a good proxy for resource efficiency. The key is translating this operational efficiency into a clear carbon-reduction narrative for customers and investors. You are selling a service that helps clients reduce their own hardware footprint, but the environmental cost of the cloud service itself must be addressed.

Here's the quick math on the corporate-level pressure:

Focus on reducing the carbon footprint of IT operations is a factor in large enterprise procurement decisions.

For large enterprises, especially those with their own net-zero goals, a vendor's sustainability profile is now part of the procurement criteria, falling under the broader umbrella of supply chain risk and third-party due diligence. It's not just about a low price; it's about a low-risk, compliant partner.

In 2025, Chief Information Security Officers (CISOs) are prioritizing a few key, measurable factors in vendor selection, and while carbon footprint is emerging, it is often tied to compliance and supply chain security:

• Require a minimum external cybersecurity rating (e.g., a B or higher).
• Verify compliance with frameworks like SOC 2 or ISO 27001.
• Assess the third-party risk score, as 35.5% of breaches now stem from third-party access.

A lack of a clear sustainability report from SecureWorks becomes a red flag in a CISO's due diligence checklist, even if the primary concern is cyber risk. The simplest way to fail a procurement review is to be the one vendor that can't provide the required ESG data. You need to treat the carbon footprint as a mandatory compliance document.

SecureWorks' role in protecting environmental infrastructure (e.g., power grids, utilities) is a key social responsibility.

SecureWorks' core business-cybersecurity-is inherently tied to environmental stability because its clients include critical infrastructure operators. The energy sector, which includes power grids and utilities, is a massive target. In 2025, the energy sector ranks as the 4th most attacked industry globally, facing threats from nation-state actors and ransomware gangs that aim to disrupt operations.

The company's Taegis platform and Managed Detection and Response (MDR) services directly protect the Operational Technology (OT) and IT systems of these utilities. This is a critical social responsibility that goes beyond data protection; it involves ensuring grid stability and preventing environmental disasters caused by system shutdowns. SecureWorks' ability to secure these systems is a tangible contribution to environmental resilience, and that story needs to be front-and-center in its ESG narrative.