Follow ACC Docket Online:  

How ESG Provides Investors Useful Information

In the era of COVID-19, a robust response to the threat of an economic decline requires more than liquidity. As such, investors are looking for indicators of holistic strength other than a company’s financial information. The Wall Street Journal suggests that Environmental, Social, and Governance (ESG) performance may fulfill this need, reporting that “70 percent of ESG funds across all asset classes performed better than their counterparts” in 2020. To better appreciate the dynamics at play, it helps to understand what ESG standards are and how they apply to a company.

As the general counsel and ESG program leader for Zix, a small-cap tech company, I have studied ESG standards in detail and have found that it overlaps with known practices for strengthening a company. Such practices include obtaining cost-savings benefits through energy efficiency, building a culture that improves employee performance and engagement, and sustaining trust with customers through proper data security governance. By making these details transparent within a standardized framework, ESG can provide investors with useful information about a company’s strength and crisis preparedness.  

Setting ESG standards  

Standards organizations publish guidance for reporting ESG performance. One such organization, the Sustainability Accounting Standards Board (SASB), models its standards after the Financial Accounting Standards Board (FASB) and its guidance for financial statement reporting. This approach gives it an investor focus. SASB, like the other standards organizations, measures performance with three categories:  

  • Environment: Focusing on environmental impacts, such as using sustainable resources or releasing harmful materials into the environment 
  • Social: Covering two facets of societal impacts: social capital, which relates to an expectation that a business will contribute to society and manage relationships with key outside parties, such as customers, local communities, the public, and the government; and human capital, which relates to the management of a company’s human resources to deliver long-term value. 
  • Governance: Detailing the management of business issues that conflict with broader public interests, creating liability risk. This includes regulatory compliance, risk management, safety management, supply-chain and materials sourcing, conflicts of interest, anticompetitive behavior, corruption, and bribery.  

In addition, SASB emphasizes that a company’s business model and innovation are important factors in ESG performance. That is, ESG covers the full range of a company’s activities. 

Two examples illustrate how ESG overlaps with practices that holistically strengthen a company. The first comes from my own company Zix. We implemented practices intended to build strength and, on later review, found these practices fit closely with the ESG standards.  

Example 1: Building resiliency  

Zix is a leading provider of cloud email security, productivity, and compliance solutions. As a mature company, Zix has an experienced management team well-grounded in our corporate values. Independent of a formal ESG plan, Zix management launched multiple initiatives to enhance business resiliency: 

Engineering operations 

The data center operations team upgraded the efficiency of our data center beginning in the third quarter of 2011, resulting in reduced energy consumption years afterward, even as processing requirements increased. The head of the data center issues a quarterly report on data center energy usage. These efforts resulted in ongoing cost savings.  

Human Resources 

After a transformative acquisition in 2018, Zix executed a months-long culture and values development process to bring all parts of the company together as one team. Zix then initiated a Zix Cares program, in which cultural ambassadors solicit input and monitor employee care, as well as coordinate community volunteer efforts.  

In addition, Zix implemented the “Objective Key Result” process to manage and align individual and company goals, including goals for individualized learning. These efforts have resulted in increased employee engagement and improved performance, especially in the implementation of new ideas and techniques directly attributable to our learning initiative.  

Chief Information Officer (CIO) 

Zix adheres to SOC2-Type II, including applicable business continuity and vendor management practices, and ISO 27001 for its email encryption and other security products. Also, Zix engineers hold a detailed quarterly security governance meeting, which provides detailed status on the broad range of threats and mitigations across the company involving business continuity, cyber and physical security, and personnel turnover.  

The established Zix culture of commitment to security consistently pays off and builds customer trust. For example, we scheduled a security breach table-top exercise on March 3, 2020, and added pandemic business continuity preparedness to formally go over our pandemic response plan with key stakeholders.  

[Related: Business Ethics: Get in the ESG Game]

These initiatives align to the three ESG categories and have clearly strengthened Zix business operations. ESG highlights this information for investors as they consider opportunities. The Zix efforts to strengthen the company fit within ESG in the following ways: 

  • Environmental: While our data center efficiency initiative reduced our costs, it also comports with ESG requirements to reduce energy consumption, which benefits the environment.  
  • Social: Our acquisition and other HR efforts strengthened performance and employee engagement, as well as fulfilled social requirements under ESG with employees enjoying the benefits of well-being, comradery, and career development. 
  • Governance: Our CIO work to maintain cybersecurity and business continuity protects Zix customers and their data. We built customer trust while also managing legal compliance and risk, thus showing strong governance under ESG. 

Furthermore, Zix’s participation in the Institutional Shareholder Services Corporate Ratings ESG program resulted in an award of “prime” status for these types of efforts, letting investors know our practices put Zix ahead of industry peers.  

Example 2: Recovering from the pandemic 

The second example of how ESG overlaps with company strengthening practices involves comparing ESG requirements to the actions companies are taking to recover from the pandemic. Here is a side-by-side comparison matching crisis advice from McKinsey & Company to ESG factors:  


McKinsey advice
ESG factors
Build operations resilience
Managing systemic risks from technology disruptions (governance)
Accelerate digital adoption
Data privacy and security (governance)
Rethink the organization
Manage a diverse & skilled workforce (social)

The close alignment of the three items suggests that an investor can review ESG information to obtain additional insight into a company’s preparedness for the crisis. First, operational resilience means redesigning “operations and supply chains to protect against a wider and more acute range of potential shocks.” 

This directly corresponds to ESG governance, specifically the management of disruption risk and business continuity. ESG information about business continuity lets an investor know that a company has recognized the risk of service disruption and prepared itself for possible threats. 

[Related: Information Governance Strategies for When Employees Have to Work from Home]

Second, to return strong out of the crisis, companies must keep up with the accelerating speed of how all industries are migrating to digital. But going digital is only sustainably possible with data security and procedures to respect privacy laws. Information investors obtain through ESG can inform them that a company has an appropriate foundation for increased digital adoption.  

Lastly, rethinking an organization for business after the COVID-19 crisis will “call for substantial investment in workforce engagement and training in new skills” to take advantage of opportunities. Companies must also have a strong culture, make quick decisions, and have a workforce that can identify new ways to grow the company. The Social area of ESG corresponds to this. Specifically, ESG standards track and inform on issues like workforce engagement, learning, and diversity that investors can consider when evaluating a company’s capacity to rethink itself.  


These two examples validate the interest ESG has been receiving lately as a useful investing tool that augments financial reporting. Building for strength, like Zix has, and implementing best practices for recovering from COVID-19 challenges can align the company with ESG standards.. Savvy investors can use the information provided through the framework of ESG standards to better evaluate the strength of companies and anticipate performance.

For more advice and information on the coronavirus pandemic, visit the ACC COVID-19 Resource Center.

About the Author

Noah Webster oversees all legal, governance, ESG, and risk management matters for Zix Corporation as its general counsel and secretary. Although he enjoys compliance work, he has a preference for closing deals.

Noah thanks business transformation and risk management expert Dan Salenger of BDO USA, LLP for his insight and valuable suggestions.

The information in any resource collected in this virtual library should not be construed as legal advice or legal opinion on specific facts and should not be considered representative of the views of its authors, its sponsors, and/or ACC. These resources are not intended as a definitive statement on the subject addressed. Rather, they are intended to serve as a tool providing practical advice and references for the busy in-house practitioner and other readers.