Sustainable Finance

Academy Sustainable Finance Report – June 2025

June 26, 2025

Sustainable Finance Report – June 2025

While sustainable finance has had some of the wind taken out of its sails, more so in the United States, it continues to power on, albeit with reduced fanfare. In this report we look at framework finance, revisiting our thoughts on cyber use of proceeds and the benefit that it could provide, considering a changing market backdrop and increasing threats. More specifically we examine:

  • A change in market sentiment around ESG, sustainable finance, and the impacts that geopolitical events along energy corridors (like Ukraine & Russia) have had.
  • European reassessment of ESG policies, defense exclusions, and NATO’s push to include cybersecurity as part of its 1.5% defense outlays.
  • Making framework finance and sustainability more relevant in the near-term by fully integrating a governance factor like cybersecurity.

Reassessing Framework Finance: Green, sustainability, and social bonds in prior years saw a strong showing. In the United States, there were over $70bn worth of these bonds printed between 2020-2023. However, the pace has slowed with a little over $10bn in primary “ESG” bonds printed since 2023. It is slightly different in Europe where issuers are still printing, albeit at a muted pace. Year-to-date, European corporates have issued close to $70bn in just “green” bonds and another $4bn in “sustainability” bonds.

The underlying premise being that depending on the label (green, social, or sustainable), the use of proceeds being raised would be allocated to an investment somewhere across the issuer’s value chain that would drive positive impact (environmental and/or social). The benefit was that issuers could raise capital at reduced costs with a labeled UOP bond that appeals to a broader investor base. Investors liked it because the bonds often traded on top of non-labeled bonds and could also meet an investment mandate.

After the offering is complete, issuers would release yearly reporting detailing what was allocated and measuring the impact. NIC for these bonds on average showed a 6-8bps advantage, but over the years this has eroded—as regulatory changes in Europe, combined with the shift in sentiment on energy following the start of the war in Ukraine, have reduced the number of interested funds and demand.

While rising rates have been a headwind for many pre-revenue climate tech companies, the impact of geopolitical events along energy corridors, like Ukraine & Russia, should not be understated and can have a significant effect on energy demand and the direction of investment. Since the war between the two nations began, energy security has become less about the transition to renewables, and more about ensuring accessibility & affordability. ESG investment criteria did not really consider this, resulting in redemptions. Now, with artificial intelligence, options like nuclear are being more widely considered to meet future capacity requirements.

Europe remains the strongest market for sustainable finance, but one that is changing. Asset managers in Europe are reconsidering defense-related exclusions and looking to reassess the theme of “do no significant harm.” One manager has gone on to rebrand ESG as “Energy, Security, and Geopolitics” (something that is very much in Academy’s wheelhouse). In addition, NATO has proposed including expenditures related to cybersecurity to qualify for the related spending target of 1.5% of GDP. This hits one area of sustainable finance that has remained under-covered: cybersecurity & governance.

Was something missed? Lacking in all the green, social, and sustainable bonds issued was governance/cybersecurity, something investors universally tend to weigh more heavily than environmental and social externalities. Green, social, and their variant combination (sustainability bonds) were used to build out energy infrastructure, affordable housing, and uplift communities across the globe, yet high & right on many material matrices was cybersecurity.

Digital networks have become the new ecosystem for business, and the environment of choice for threat actors. Recent reports suggest that if cybercrime was a nation-state, it would be the 3rd largest economy in the world, costing $10.5 trillion this year, and last year saw a 33% increase in cybercrime. Cyber insurance premiums are also expected to increase from $14bn in 2023 to $23bn in 2026.

Despite our reliance on these networks, which remains focused (and perhaps rightfully so) on interoperability, they are vulnerable, and law enforcement is limited in how they can respond. The further integration of physical infrastructure and IT increases efficiency, but also the risk for wide-scale high-consequence events that could disrupt economies. Now with lower barriers to entry like access to LLM and AI, and adoption of cryptocurrencies, threat actors have become emboldened. Organizations including state/local governments, utilities, managed healthcare, financial institutions, and other areas of critical infrastructure remain among their top targets.

Unlike many social and environmental factors, where an issuer can relocate assets, organizations almost by default must operate on the internet, exposing their networks to threat actors. Runway to respond to these events are limited and can impact not only equity valuations, but also credit spreads as well, increasing the cost of capital, and attracting regulatory attention. Simultaneously, an organization may find that if the event was a nation-state threat actor (or related) it might not be covered by the insurer. Limits of law enforcement can also make recourse challenging, leaving much of the defensive lift to the organizations themselves. As a result, in many ransomware cases, the ransom is paid.

Next Phase of Sustainable Finance: In fixed income, sustainable finance must find ways to appeal to short-termism within the framework in which it operates. Fully integrating Governance-Cybersecurity is a great place to start:

  • Cybersecurity as a concern is more near-term, and poses a material threat to a business, its cost of capital, and operations compared to transition or environmental risks.
  • Presents an opportunity for issuers to raise capital that benefits the customer’s security/safety, business, and communities they operate in. Use of proceeds could include, but are not limited to:
    • Enhanced information sharing
    • Cyber bill of materials
    • Hardware and site hardening
    • Training/organizational competency
    • Network segmenting
    • Supplier assistance
    • Enhanced verification
  • Appeals to investors focused on Governance, Cybersecurity, and Defense—broadening the pool of liquidity.
  • Look to leverage the bond issuance with insurers to reduce cyber insurance premiums.
  • Investments into cybersecurity, made possible by the bond raise, could reinforce investments in other asset classes related to Cyber and AI.

With the current environment in Europe, and the push for defensive investments, cybersecurity makes a good match for framework finance and something that can be bolted on to an existing green or sustainable bond framework, helping Europe meet its defense spending targets, and both the U.S. and Europe build out secure networks for a more secure and efficient digital eco-system.

Sources:

Financial Times: https://www.ft.com/content/d3119d3f-97bd-4ff4-905d-b471a8828beb

ESG News: https://esgnews.com/euronext-rebrands-esg-to-support-defense-listings-and-bond-issuance-across-europe/

Reuters: https://www.reuters.com/markets/europe/europes-top-money-managers-start-bring-defence-stocks-cold-2025-03-13/

Bloomberg: https://www.bloomberg.com/news/articles/2025-05-28/nato-floats-cybersecurity-to-be-included-in-new-spending-target

FBI: https://www.fbi.gov/news/press-releases/fbi-releases-annual-internet-crime-report

DISCLAIMER