The case for CSR/ Sustainability Reporting Done Responsibly


Insights on how you can protect the environment, maintain and increase the value of your company, through a structured process.

Insights on how you can protect the environment, maintain and increase the value of your company, through a structured process.

Home / case studies / Case study: How USPS promotes cybersecurity

Case study: How USPS promotes cybersecurity

A self-supporting, independent federal agency, the United States Postal Service (USPS) is the only delivery service that reaches every address in the US: 155 million residences, businesses and Post Office Boxes. As cyberattacks evolve, USPS responds by raising cyber awareness, fortifying network monitoring and strengthening telecommunications response capabilities.  Tweet This!

This case study is based on the 2018 Annual Sustainability Report by USPS published on the Global Reporting Initiative Sustainability Disclosure Database that can be found at this link. Through all case studies we aim to demonstrate what CSR/ ESG/ sustainability reporting done responsibly means. Essentially, it means: a) identifying a company’s most important impacts on the environment, economy and society, and b) measuring, managing and changing.

Layout 1Abstract

Cybersecurity ensures operational continuity, protects USPS’s employees and keeps USPS ‘s customers’ information safe. Accordingly, USPS invests in platforms that increase security as well as improve employee safety, benefit sustainability and enhance customer experiences. In order to promote cybersecurity USPS took action to:

  • provide cybersecurity training
  • implement the “Cyber Guardians” programme
  • raise cybersecurity awareness

What are the material issues the company has identified?

In its 2018 Annual Sustainability Report USPS identified a range of material issues, such as customer service and satisfaction, optimising delivery and network operations, financial stability, employee health, safety and wellness. Among these, promoting cybersecurity stands out as a key material issue for USPS.

Stakeholder engagement in accordance with the GRI Standards              

The Global Reporting Initiative (GRI) defines the Principle of Stakeholder Inclusiveness when identifying material issues (or a company’s most important impacts) as follows:

“The reporting organization shall identify its stakeholders, and explain how it has responded to their reasonable expectations and interests.”

Stakeholders must be consulted in the process of identifying a company’s most important impacts and their reasonable expectations and interests must be taken into account. This is an important cornerstone for CSR / sustainability reporting done responsibly.

Key stakeholder groups USPS engages with:

Stakeholder Group
Industry groups
Non-profit associations

How stakeholder engagement was made to identify material issues

To identify and prioritise material topics USPS engaged with its stakeholders (USPS customers) through focused surveys, with over 75 respondents providing input on the relative importance of sustainability topics.

What actions were taken by USPS to promote cybersecurity?

In its 2018 Annual Sustainability Report USPS reports that it took the following actions for promoting cybersecurity:

  • Providing cybersecurity training
  • During FY 2018 USPS’s CyberSafe at USPS team trained more than 220,000 employees and contractors on cybersecurity fundamentals. The team also engages employees using interactive touchpoints, including monthly phishing simulations to help employees recognise and report cyberscams. Related events include the Annual Cyber Security Awareness Fair at USPS’s national headquarters, which promotes best practices to employees and USPS contractors.
  • Implementing the “Cyber Guardians” programme
  • USPS also initiated the “Cyber Guardians” ambassador programme, empowering USPS field employees to serve as the eyes and ears of USPS’s cybersecurity programme. These individuals facilitate the exchange of critical cybersecurity information between the Corporate Information Security Office (CISO) organisation and co-workers within their local offices. By year end 2018, CISO had enlisted 55 Cyber Guardians across 19 states. 
  • Raising cybersecurity awareness
  • USPS’s CISO continues to promote its website, CyberSafe at USPS, which provides employees, customers and suppliers with information they need to stay safe online. Visitors can learn more about cybersecurity best practices, and how USPS safeguards their personal and financial information. Throughout the year, CyberSafe at USPS features content that raises awareness and promotes safe online behaviours on a range of topics, which include:
    • Texting scams involving bank notifications, IRS (Internal Revenue Service) notifications and contests.
    • Tech support scams that involve individuals impersonating information technology employees.
    • Risks from using public Wi-Fi in airports and coffee shops.
    • Risks of ransomware and other malware attacks through email attachments.
    • New “Report to CyberSafe” button in Outlook to make reporting suspicious emails easier.
    • Dangers and consequences of sharing user logins, passwords and accounts.

Which GRI Standards and corresponding Sustainable Development Goals (SDGs) have been addressed?

The GRI Standard addressed in this case is: Disclosure 418-1 Substantiated complaints concerning breaches of customer privacy and losses of customer data

Disclosure 418-1 Substantiated complaints concerning breaches of customer privacy and losses of customer data corresponds to:

  • Sustainable Development Goal (SDG) 16: Promote peaceful and inclusive societies for sustainable development, provide access to justice for all and build effective, accountable and inclusive institutions at all levels
  • Business theme: Compliance with laws and regulations, Protection of privacy


80% of the world’s 250 largest companies report in accordance with the GRI Standards

SustainCase was primarily created to demonstrate, through case studies, the importance of dealing with a company’s most important impacts in a structured way, with use of the GRI Standards. To show how today’s best-run companies are achieving economic, social and environmental success – and how you can too.

Research by well-recognised institutions is clearly proving that responsible companies can look to the future with optimism.

FBRH GRI Standards Certified and IEMA approved Sustainability Course | Venue: London LSE

By registering for the next 2-day FBRH GRI-Standards Certified and IEMA approved Course you will be taking the first step in gaining the many benefits of sustainability reporting.



1) This case study is based on published information by USPS, located at the link below. For the sake of readability, we did not use brackets or ellipses. However, we made sure that the extra or missing words did not change the report’s meaning. If you would like to quote these written sources from the original, please revert to the original on the Global Reporting Initiative’s Sustainability Disclosure Database at the link:


Note to USPS: With each case study we send out an email requesting a comment on this case study. If you have not received such an email please contact us.