CCRcorp Sites  

The CCRcorp Network unlocks access to a world of insights, research, guides and information in a range of specialty areas.

Our Sites


A basis for research and practical guidance focusing on federal securities laws, compliance & corporate governance.


An educational service that provides practical guidance on legal issues involving public and private mergers & acquisitions, joint ventures, private equity – and much more.


The “one stop” resource for information about responsible executive compensation practices & disclosure.

Widely recognized as the premier online research platform providing practical guidance on issues involving Section 16 of the Securities Exchange Act of 1934 and all of its related rules.


Keeping you in-the-know on environmental, social and governance developments

My boss Liz and I had a discussion earlier this week about how (or if) PracticalESG should cover cyber security as an ESG matter, or whether it continues to fit better as a broader corporate governance topic covered by, where there is already an extensive Practice Area on the topic. She and I have seen arguments on both sides of the fence. Coincidentally, Advisory Board member Doug Chia wrote an article about this very thing yesterday.

Doug set the stage this way:

At its core, ESG stands for the principle that one should identify and consider environmental, social and governance factors when making business investment decisions. But this basic concept has morphed into something seriously flawed – elusive to those trying to objectively define it for constructive purposes and at the same time too easily contorted by those with less than constructive commercial and political interests. One of the biggest flaws of ESG is the subjective open-endedness of what counts as E, S, or G. What fits under each is no longer obvious.

An example of this is cyber security.

His view – which reflects my conversation with Liz and our own conclusion is this:

If forced to assign one letter of ESG to cyber security, the one most proximate is G on the notion that a company’s board of directors has a duty to oversee cyber security (and ERM [enterprise risk management] more generally) or under the concept of ‘data governance’ (which is not the same thing as ‘corporate governance’).

Doug ends with this pointed observation:

One could argue that the term ‘ESG’ is best used as shorthand for anything not typically measured with traditional financial metrics, or ‘externalities’ in general, and pedantic arguments over specific words and letters (like this blog post!) miss the point. But the possibilities for what is an ESG issue cannot be endless. What is not ESG? An undisciplined approach to what constitutes ESG will render it meaningless to those who need to understand its importance (e.g.,Warren Buffett), and an absence of boundaries makes ESG ripe for manipulationco-option, and ridicule by those with ulterior motives (e.g., the Free Enterprise Project). Continuing down this path will undermine the concept of ESG as a critical component of business and investment decisions. ESG’s own biggest risk may be that it can be whatever you want or need it to be.

For, we will cover environmental & social strategy and data governance. The “Big G” is territory for which has a long history of being a go-to resource in that space.

Back to all blogs

The Editor

Lawrence Heim has been practicing in the field of ESG management for almost 40 years. He began his career as a legal assistant in the Environmental Practice of Vinson & Elkins working for a partner who is nationally recognized and an adjunct professor of environmental law at the University of Texas Law School. He moved into technical environmental consulting with ENSR Consulting & Engineering at the height of environmental regulatory development, working across a range of disciplines. He was one… View Profile