How Much Cybersecurity Expertise Do Boards Really Have?
The number of directors at S&P 500 companies who have cybersecurity experience has increased sharply since last year. But the amount of cybersecurity expertise on boards remains relatively low, at a time when boards are under increased scrutiny for security failings. As of Aug.
31, 107 directors at 113 companies had professional experience in cybersecurity, according to research conducted by WSJ Pro Research. Together, those directors held a total of 124 S&P 500 board seats and represented 2.3% of the directors on the boards of companies in the index. This same research conducted last November found 86 directors at 91 companies held 100 board seats.
The increase was probably driven mainly by a growing awareness among companies that cybersecurity is core to their long-term business performance, says Jamil Farshchi, chief information security officer at Equifax and a board director at software company UKG. Cybercrime is a large and growing risk to companies, threatening to disrupt their operations, tarnish their reputation, and expose them to legal action and sometimes regulatory penalties if they fail to safeguard data. An additional incentive to add board members with cybersecurity experience could come from a Securities and Exchange Commission rule passed in July aimed at improving board oversight of cybersecurity risk.
Perception vs. reality The relatively low level of cybersecurity experience among directors found in our latest research contrasts with the findings of a survey undertaken by WSJ Pro Research and the National Association of Corporate Directors earlier this year. In responses to that survey from 472 corporate board directors, 76% said their board had at least one cybersecurity expert, including 19% who
. Read more on livemint.com
