CCRcorp Sites  

The CCRcorp Network unlocks access to a world of insights, research, guides and information in a range of specialty areas.

Our Sites


A basis for research and practical guidance focusing on federal securities laws, compliance & corporate governance.


An educational service that provides practical guidance on legal issues involving public and private mergers & acquisitions, joint ventures, private equity – and much more.


The “one stop” resource for information about responsible executive compensation practices & disclosure.

Widely recognized as the premier online research platform providing practical guidance on issues involving Section 16 of the Securities Exchange Act of 1934 and all of its related rules.


Keeping you in-the-know on environmental, social and governance developments

At the end of January, FBI Director Christopher Wray testified at the House Select Committee on the Chinese Communist Party. Among other things, he stated that

“China’s hackers are positioning on American infrastructure in preparation to wreak havoc and cause real-world harm to American citizens and communities. If or when China decides the time has come to strike, they’re not focused solely on political or military targets…”

In recent years, we’ve seen high-profile instances of hackers taking over industrial operations, including Colonial Pipeline (the largest pipeline system for refined oil products in the U.S.) and disabling operations at meatpacker JBS. I wrote about the nexus between environmental and cyber risk back in 2021, but given Wray’s new warning, it seemed worth revisiting. With the almost single-minded focus on climate, other environmental exposures may have been forgotten. At least four facets of this risk should be evaluated:

  • Human health risk. Depending on the type of manufacturing operation and equipment, the risk to employees on-site and the community at large can be significant in the event of process failure. Chemical emissions, fires and explosions are deadly and they can have a wide area of impact. Facilities subject to OSHA’s Process Safety Management or EPA’s Risk Management Plan regulations are required to perform off-site consequence analyses that are helpful in assessing the risk, but they are limited to only specifically covered chemicals/processes. Gas-fired boilers and dams/dikes are not covered. When evaluating human health risks associated with your operations, it would be prudent to take a wide view of what may impact employees and the community. 
  • Environmental impact. Similar to human health risk, operational failures or breaches can cause environmental contamination and loss of water bodiess, natural resources, ecosystems/habitat, endangered species and long-tail cleanup liabilities. 
  • Consequential impacts. Catastrophic events at a single location can also start a domino effect of “downstream” consequential impacts. For instance, chemical contamination of food crops, water supplies and residential areas, energy outages at hospitals and critical infrastructure, flooding of other manufacturing facilities or utilities, drinking water safety and loss of public use areas. There is even a possibility of disturbing previously closed environmental disposal sites – Hurricane Katrina flooded a closed municipal landfill, causing not only environmental damage, but also structural instability of the reclaimed land. 
  • Financial exposure. Insurance usually provides a useful financial backstop for unplanned, sudden and accidental losses. However, your coverage likely has significant – or even absolute – exclusions or limitations for terrorist acts, cyber risk, pollution and consequential liabilities. It is advisable to review your insurance policy language in detail to identify and assess any relevant exclusions/limitations and make an informed decision about what to do from there.

Environmental catastrophes are not the first thing that pops into people’s head when the topic of cybersecurity arises, but the potential for these events should be included in corporate risk assessments, cyber security assessments and in ESG materiality determinations. If you haven’t recently evaluated the status of environmental risk and mitigation measures in connection with your cyber risk assessment, now would be a good time to do so – including making sure insurance coverage is appropriate.

If you aren’t already subscribed to our complimentary ESG blog, sign up here: for daily updates delivered right to you.

Back to all blogs

The Editor

Lawrence Heim has been practicing in the field of ESG management for almost 40 years. He began his career as a legal assistant in the Environmental Practice of Vinson & Elkins working for a partner who is nationally recognized and an adjunct professor of environmental law at the University of Texas Law School. He moved into technical environmental consulting with ENSR Consulting & Engineering at the height of environmental regulatory development, working across a range of disciplines. He was one… View Profile