
Survey Results Part One: Board Directors Have Work To Do on Cybersecurity

By NACD Staff and WSJ Pro Cybersecurity

03/21/2023

Partner Content Provided by WSJ Pro

WSJ Pro, the Wall Street Journal’s professional arm, collaborated with NACD to gather survey responses from 472 corporate board directors on the current state of the board members’ cyber-risk management expertise and preparedness to deal with cyberattacks. The research provides a snapshot ahead of upcoming rule changes from the US Securities and Exchange Commission.

The research is split over two papers. This paper covers the prevalence of cyber expertise on corporate boards and how those lacking expertise plan to address the gap. The other paper focuses on how directors and management oversee cybersecurity and preparedness for cyberattacks.

Key Points

  • Despite more than three-quarters of boards having at least one cyber expert among the directors, only three in 10 directors rate their board’s ability to oversee a cyber crisis highly.

  • More than one-third of directors representing the energy and utilities industry have no board cyber expert, highlighting vulnerability in the critical infrastructure sector.

  • One quarter of boards without specialist cyber knowledge plan to hire a cyber expert as an independent director, including 31% of public companies, but most are not prioritizing the recruitment.

  • Cyber-specialist board directors increased overall board awareness of cyber risk in 62% of businesses surveyed, but in some cases were unable to contribute more widely to board discussions. 

Background

WSJ Pro, The Wall Street Journal’s professional arm, collaborated with The National Association of Corporate Directors to gather survey responses from 472 corporate board directors on the current state of cybersecurity risk management expertise and preparedness to deal with cyberattacks.

This research also provides a snapshot ahead of coming rule changes by the U.S. Securities and Exchange Commission that will require public companies to make standardized disclosures on cybersecurity risk management, strategy, governance, and incident reporting, as well as reporting cybersecurity expertise among board directors. 
