Company board directors say ESG efforts have brought about real benefits, but the political backlash has had an impact
5 min
Many corporate board directors aren’t confident about their ability—or their board’s—to oversee sustainability and social impact issues, even as companies pursue such goals and regulators want more disclosures on environmental, social and governance impact.
Eighty-three percent of directors surveyed said ESG topics were critical knowledge for directors, but less than half considered themselves to have “advanced” or “expert” level knowledge, according to a survey of board directors conducted in July by WSJ Pro in collaboration with the National Association of Corporate Directors.Directors of larger firms and listed companies expressed higher confidence, as did those in the energy industry.Respondents relied on external advisers to build their knowledge.
Other findings were that most believed sustainability efforts had brought real benefits and said ESG engagement with investors had been mostly positive. Directors also said the anti-ESG movement had an impact. They also reported that while about half of big companies had ESG targets—many linked to executive compensation—smaller, private companies lagged behind.
The survey’s 506 respondents covered a range of company sizes and included public, private and not-for-profit organisations from many sectors, with a concentration in financial services, industry, tech and energy. They said their ESG maturity level was across the spectrum: 4% self-identified as industry leaders, 27% as well developed, 36% as somewhat developed, 28% as early stage and 5% hadn’t started with ESG. Overall respondents rated their own ESG expertise slightly higher than that of their fellow board members.
“As a board member, if you’re hoping that ESG is just a fad that will pass with time, we have enough data now from the last 2½ decades to know ESG is here to stay and boards need to be ready,” said Kristin Campbell, general counsel and chief ESG officer of Hilton Worldwide Holdings and board director at ODP and Regency Centers.
Campbell said boards must evaluate ESG as part of the company’s long-term strategy, otherwise activists, regulators, customers or someone else might do it for them, perhaps in a way that will be painful operationally or harmful to their reputation. “It’s that classic story of either you’re at the table or you’re on the menu,” said Campbell.
Alan Smith—responsible for the strategic management of the Church of England’s £10.1 billion (equivalent to $12.6 billion) perpetual endowment fund—said many boards had brushed up on ESG knowledge with in-house training, e-learning packages or advisers to run workshops. A former senior adviser at HSBC on climate and ESG risk and current First Church Estates Commissioner, Smith said he also found it helpful to see projects, such as offshore-wind farms, and speak to their operators in person.
“I think an integrated approach to board director education—of which one important part is getting on the ground and in the mud or on the boat—is very important,” he said.
More than two thirds of directors said their organisations brought in external advisers to complement or build board’s ESG skills, with most advisers providing subject matter expertise (44%), education and training (41%), or research and analysis (37%).
“What we know about ESG will change today and will probably change tomorrow,” Hilton’s Campbell said. “It’s the job of an external adviser to know what’s going to happen next week and next year, which is useful in keeping the board ahead of the game.”
Overall, investors were the most influential stakeholders on board decisions related to ESG strategy, followed by company executives, regulators and customers. For public companies investors were most influential, followed by regulators, while directors of private businesses ranked their customers as top with investors in second place.
Respondents ranked their ESG-related interactions with investors as largely positive or neutral. Seventy-one percent of directors of organisations with investors said their largest ones had engaged with the board over the past 12 months on ESG topics.
However, public and private businesses approached this engagement quite differently. Private company investors most often engaged with the full board or directly with management, whereas public company investors worked most often with individual directors or sometimes with the full board, but rarely with management.
The survey also examined the impact of the rising anti-ESG movement in the U.S. Many boards started their ESG journey in 2020, but, particularly in the last six to 12 months, the extent of the political backlash in the U.S. has made it more complicated, said Smith. “You had a wind that was giving companies and boards energy, and now you have a countervailing wind of political backlash,” Smith said.
As the pressure has mounted, there have been numerous reports of green-hushing—when a company scales back what it says about its climate and social initiatives in corporate communications. The survey found evidence to support this: 7% of directors said their company no longer publicly communicates about its ESG activities, and 14% said their board and management no longer use the term ESG when referring to relevant activities.
Respondents report substantive changes too. One in five said their companies are reassessing their approach to ESG, 12% said they have deprioritised ESG as a critical business issue, and 15% of directors, primarily in smaller private businesses, believe ESG is negatively affecting their business decisions and strategy.
Despite those changes, half of respondents believe ESG will continue to be an important driver of their business decisions and strategy. Nearly as many say their board and management remain committed to ESG as an opportunity for growth and a driver of long-term risk reduction.
While most respondents said ESG is critical knowledge for directors, only 37% of their organisations have set a climate-impact reduction target, although that was 54% for large organisations. Nine out of 10 of those companies with a target said their boards monitored their progress toward those goals and four out of five believed they were achievable.
To encourage management to hit targets, over one quarter of respondents said their company had linked executive pay to ESG goals, and a further 29% were considering doing so in the next 12 months.
“If we’re going to be more serious about ESG and building it into a company’s long-term strategy then I think it needs to be tied to executive compensation like any other [key performance indicator],” Campbell said.
Nearly a fifth of directors surveyed said reducing the impact of climate change is a priority regardless of financial performance. Almost half said it is a priority but not at the cost of financial performance, while the remaining third said it isn’t a priority at all.
Many directors report real benefits from their ESG efforts. In particular it has enhanced their company’s reputation and brand value (57%), risk management and resilience (54%), and ability to attract and retain talent (44% and 40%, respectively).
Climate change was talked about more frequently in 43% of the boardrooms, while in 31% it actually decreased. The topic was discussed at most or every board meeting for 29% of respondents, 36% said it came up at some meetings, and 23% said it was rarely talked about. Only 11%—primarily small, private companies—hadn’t discussed it at all.
Smith said it was particularly important for smaller companies to keep climate change front of mind: “Those that say they aren’t doing anything yet are paradoxically the ones that may be hit first because they’re downstream of big companies setting more immediate net zero carbon neutral targets.”
As well as calling it a business differentiator for small businesses, Smith said a focus on climate impact reduction was “a survival mechanism.”
Copyright 2020, Dow Jones & Company, Inc. All Rights Reserved Worldwide. LEARN MORE
What a quarter-million dollars gets you in the western capital.
Alexandre de Betak and his wife are focusing on their most personal project yet.
CIOs can take steps now to reduce risks associated with today’s IT landscape
3 min
As tech leaders race to bring Windows systems back online after Friday’s software update by cybersecurity company CrowdStrike crashed around 8.5 million machines worldwide, experts share with CIO Journal their takeaways for preparing for the next major information technology outage.
IT leaders should hold vendors deeply integrated within IT systems, such as CrowdStrike , to a “very high standard” of development, release quality and assurance, said Neil MacDonald , a Gartner vice president.
“Any security vendor has a responsibility to do extensive regression testing on all versions of Windows before an update is rolled out,” he said.
That involves asking existing vendors to explain how they write software, what testing they do and whether customers may choose how quickly to roll out an update.
“Incidents like this remind all of us in the CIO community of the importance of ensuring availability, reliability and security by prioritizing guardrails such as deployment and testing procedures and practices,” said Amy Farrow, chief information officer of IT automation and security company Infoblox.
While automatically accepting software updates has become the norm—and a recommended security practice—the CrowdStrike outage is a reminder to take a pause, some CIOs said.
“We still should be doing the full testing of packages and upgrades and new features,” said Paul Davis, a field chief information security officer at software development platform maker JFrog . undefined undefined Though it’s not feasible to test every update, especially for as many as hundreds of software vendors, Davis said he makes it a priority to test software patches according to their potential severity and size.
Automation, and maybe even artificial intelligence-based IT tools, can help.
“Humans are not very good at catching errors in thousands of lines of code,” said Jack Hidary, chief executive of AI and quantum company SandboxAQ. “We need AI trained to look for the interdependence of new software updates with the existing stack of software.”
An incident rendering Windows computers unusable is similar to a natural disaster with systems knocked offline, said Gartner’s MacDonald. That’s why businesses should consider natural disaster recovery plans for maintaining the resiliency of their operations.
One way to do that is to set up a “clean room,” or an environment isolated from other systems, to use to bring critical systems back online, according to Chirag Mehta, a cybersecurity analyst at Constellation Research.
Businesses should also hold tabletop exercises to simulate risk scenarios, including IT outages and potential cyber threats, Mehta said.
Companies that back up data regularly were likely less impacted by the CrowdStrike outage, according to Victor Zyamzin, chief business officer of security company Qrator Labs. “Another suggestion for companies, and we’ve been saying that again and again for decades, is that you should have some backup procedure applied, running and regularly tested,” he said.
For any vendor with a significant impact on company operations , MacDonald said companies can review their contracts and look for clauses indicating the vendors must provide reliable and stable software.
“That’s where you may have an advantage to say, if an update causes an outage, is there a clause in the contract that would cover that?” he said.
If it doesn’t, tech leaders can aim to negotiate a discount serving as a form of compensation at renewal time, MacDonald added.
The outage also highlights the importance of insurance in providing companies with bottom-line protection against cyber risks, said Peter Halprin, a partner with law firm Haynes Boone focused on cyber insurance.
This coverage can include protection against business income losses, such as those associated with an outage, whether caused by the insured company or a service provider, Halprin said.
The CrowdStrike update affected only devices running Microsoft Windows-based systems , prompting fresh questions over whether enterprises should rely on Windows computers.
CrowdStrike runs on Windows devices through access to the kernel, the part of an operating system containing a computer’s core functions. That’s not the same for Apple ’s Mac operating system and Linux, which don’t allow the same level of access, said Mehta.
Some businesses have converted to Chromebooks , simple laptops developed by Alphabet -owned Google that run on the Chrome operating system . “Not all of them require deeper access to things,” Mehta said. “What are you doing on your laptop that actually requires Windows?”
