Canadian Underwriter

Two-thirds of U.S. board directors of public companies not fully confident that their companies are secure against cyberattacks: study


May 29, 2015   by Canadian Underwriter



Two-thirds of nearly 200 directors of public companies are not fully confident their companies are properly secured against cyberattacks and almost half said that cybersecurity matters are discussed at “most meetings,” according to a joint study released Thursday by the New York Stock Exchange Governance Services and Veracode, a cloud-based application security services company.

Two-thirds of respondents were “less than confident” in their company’s cybersecurity

The whitepaper, A 2015 Survey: Cybersecurity in the Boardroom, polled nearly 200 directors of public companies in the financial services, technology and healthcare industries to discover how cybersecurity is understood, prioritized and addressed at the board level. Two-thirds (66%) of respondents said that they were “less than confident” that their companies were properly secured against cyberattacks, 29% were “confident” and only 4% were “very confident.”

Cybersecurity is discussed at most boardroom meetings, the study found

“Cybersecurity has clearly become an important board-level priority, with more than 80% of respondents reporting that cybersecurity is discussed at most or all boardroom meetings,” a joint statement said. “Yet alarmingly, one in five indicated they are only discussed after an internal incident or one in the same industry,” the whitepaper noted, adding that all of the respondents are board directors of public companies, with 78% serving on one to three executive boards.

The results also revealed a “significant disconnect” when it comes to how board members prioritize cyber risk when introducing new technology-based products or services, the statement said. “While it’s refreshing to see cybersecurity risk move higher on the board’s agenda, board members ranked it second to last in priority when developing new products and services (behind other concerns such as competitive differentiation, revenue potential and development costs).”


Other findings included the following:

• Respondents listed brand damage, breach cleanup costs (lawsuits, cleanup, forensics, credit reporting) and theft of corporate intellectual property — leading to loss of competitive advantage — as their top three cybersecurity worries;

• More than 70% of respondents reported having significant concerns about the risk posed by third-party software in their supply chains; and

• After a breach, board members said they are more likely to hold the CEO accountable — signalling a shift away from putting the onus squarely on the chief information security officer (CISO).

“When a breach does occur, boards are increasingly looking to the CEO and other members of the executive team to step up and take responsibility,” the study said. “CISOs need to combine their strong technical skills with solid business and communication skills in order to convey security information to the board in terms directors will understand.”

