Cryptocurrency Fraud
,
Fraud Management & Cybercrime
,
Leadership & Executive Communication
Crypto Defense, Data Centers, Monitoring Systems Strain Global Energy Use
•
July 8, 2025
The cybersecurity industry faces an uncomfortable paradox: As organizations protect their digital assets from increasingly sophisticated threats, defensive measures are inadvertently becoming environmental liabilities. As cyberthreats surge, rising 30% in Q2 2024 to 1,636 weekly attacks, the energy-hungry security controls used to defend against them are creating a growing carbon footprint that demands urgent action from CISOs and security leaders globally.
See Also: Beyond Replication & Versioning: Securing S3 Data in the Face of Advanced Ransomware Attacks
Hidden Environmental Cost of Digital Defense
The cybersecurity sector’s environmental impact extends far beyond the obvious data center energy consumption.
Data centers consume 240 to 340 terawatt-hours of electricity annually, representing about 1% to 1.3% of global electricity demand, but this figure does not capture the full scope of security-specific infrastructure and processes that compound this environmental burden.
In Australia, the data center industry’s environmental trajectory is particularly concerning. Morgan Stanley forecasts that the energy demand of data centers will grow from 5% of total national electricity generation to 8% by 2030, potentially reaching as high as 15%. More alarmingly, based on average grid intensities and renewable energy targets, data center Scope 2 emissions are projected to reach 8 million tons, about 2% of Australia’s total emissions and 40% of the country’s annual production of Australian Carbon Credit Units.
Globally, the situation is equally stark. A 2024 study found that data centers emitted 105 million metric tons of carbon emissions, equivalent to about 2% of all U.S. emissions and up from 31.5 million tons in 2018 – a 300% increase in emissions. This trajectory positions data centers to produce about 2.5 billion metric tons of carbon dioxide-equivalent emissions globally through the end of the decade.
SIEM: The Carbon-Intensive Guardian
Security Information and Event Management, or SIEM, systems are one of the most carbon-intensive components of modern cybersecurity infrastructure. Around 75% of SIEM costs are operational after purchase, and a significant portion of these operational costs stems from the enormous computational resources required for continuous monitoring and log analysis.
Modern SIEM platforms process exponentially growing volumes of data from across enterprise infrastructure. Each security event ingested, correlated and analyzed requires computational power that translates directly to energy consumption. With the retail and software industries combined making up 27% of the demand in the SIEM industry and systems operating nonstop throughout the year, the cumulative energy footprint becomes substantial.
A cybersecurity research initiative by Wavestone and Campus Cyber has introduced a groundbreaking methodology for measuring this impact. Their assessment identifies security controls with the highest greenhouse gas emissions based on three critical questions: Does this control require the use of a large number of endpoints? Does this control require the use of a large number of servers? Does this measure require a large amount of network equipment and bandwidth?
Continuous Monitoring: The ‘Always-On’ Carbon Problem
The cybersecurity industry’s shift toward continuous monitoring and real-time threat detection has created an “always-on” problem. Unlike traditional business applications that can scale resources based on demand, security monitoring systems require constant vigilance. This necessitates redundant systems, backup infrastructure and geographically distributed monitoring centers – all consuming energy continuously.
As electric vehicles, other behind-the-meter distributed energy resources and connected devices become more prevalent, the potential for cyberattacks to cause major disruptions to electricity systems could grow. This escalation is driving organizations toward implementing comprehensive monitoring solutions, creating a feedback loop of increasing energy consumption.
The Cryptocurrency Malware Paradox
No aspect of cybersecurity’s carbon footprint is more ironic than the energy consumed for protecting against cryptocurrency mining malware. Bitcoin mining alone consumed 173.42 terawatt-hours of electricity in 2020-2021, which is equivalent to a small country, with global Bitcoin mining activities generating about 85.89 million metric tons of CO2-equivalent emissions.
Organizations deploy sophisticated anti-malware solutions, network monitoring measures and endpoint detection systems specifically to prevent unauthorized crypto mining on their infrastructure. Yet these protective measures themselves consume substantial energy. Crypto mining and data centers together account for 2% of world electricity demand in 2022, with that share likely to climb to 3.5% in three years.
The environmental mathematics becomes perverse: As legitimate crypto mining operations consume massive amounts of energy, the cybersecurity industry also consumes additional energy to prevent illicit mining, creating a double environmental burden. Crypto assets consume an estimated 0.4% to 0.9% of global electricity annually, with yearly electricity consumption equivalent to 120 to 240 billion kilowatt-hours.
Environmental Cost of Security
High-availability security infrastructure demands redundancy that multiplies environmental impact. Security operations centers typically maintain primary and disaster recovery sites, with real-time data replication between facilities. Critical security systems require uninterruptible power supplies, diesel generators for backup power and sophisticated cooling systems – all contributing to carbon emissions.
Legacy cybersecurity solutions require infrastructure, hardware and resources such as electricity to run, and as cloud-based platforms are generally more eco-friendly, the abstract nature of the cloud can lead to its environmental impact being largely overlooked.
Energy efficiency improvements in individual components are being overwhelmed by the sheer scale of deployment. Although AI itself can help reduce energy use in data centers, the rapid and mainstream adoption of AI chatbots such as ChatGPT and Google Bard are likely to accelerate growth in energy demand for AI, including AI-powered security tools.
The Australian Regulatory Response
Australia is beginning to address environmental impact of cybersecurity and data centers through legislative frameworks. The National Greenhouse and Energy Reporting Act 2007, or NGER, and the Treasury Laws Amendment Act of 2024 mandate the reporting of greenhouse gas emissions, energy production and energy consumption by corporations, requiring large corporations to commence sustainability compliance reporting from 2025.
The Digital Transformation Agency is at the forefront of enforcing the NGER Act within data centers, creating new compliance obligations for organizations operating significant cybersecurity infrastructure.
Toward Carbon-Conscious Cybersecurity
The cybersecurity industry must evolve beyond traditional risk-benefit calculations to incorporate environmental impact as a first-class concern. Organizations can adopt eco-friendly practices by migrating to cloud-based security solutions that can be up to 98% more energy efficient than on-premises solutions, implementing energy-efficient alternative protocols and choosing vendors with clear commitments to sustainability.
The approach requires identifying security controls with the highest total greenhouse gas emissions, mapping them according to emission level and risk coverage, and organizing workshops to explore ways of reducing greenhouse emissions without impacting security.
Data life cycle management presents immediate opportunities for improvement. Cybersecurity platforms, particularly those that monitor and report on events, such as SIEMs, process and store a lot of data. How that data is stored can make a big impact on an organization’s carbon footprint, with storage classes – designed for data that doesn’t need to be retrieved quickly – being not only cheaper but also more eco-friendly.
The Path Forward
The convergence of cybersecurity and environmental sustainability represents both challenges and opportunities. The integration of sustainable cybersecurity measures intersects directly with the sustainable development goals, particularly SDG 11 – sustainable cities and communities; SDG 9 – industry, innovation and infrastructure; and SDG 7 – affordable and clean energy.
CISOs and security leaders should acknowledge that environmental sustainability is no longer peripheral to cybersecurity – it’s becoming a core operational and strategic concern. The industry’s continued growth and the escalating threat landscape make this challenge more urgent, not less.
The solutions require both technological innovation and strategic restructuring. Organizations wishing to imagine new, more responsible and sustainable practices must measure their cybersecurity ecological footprint and create action plans for reduction. This includes adopting renewable energy sources, optimizing data retention policies, implementing energy-efficient security architectures and selecting vendors with robust environmental credentials.
