Login Register Subscribe
Current Issue

Help

BI’s Article search uses Boolean search capabilities. If you are not familiar with these principles, here are some quick tips.

To search specifically for more than one word, put the search term in quotation marks. For example, “workers compensation”. This will limit your search to that combination of words.

To search for a combination of terms, use quotations and the & symbol. For example, “hurricane” & “loss”.

Boards have awakened to the cybersecurity threat: survey

Reprints

There has a “huge shift” in the past three years of greater corporate board focus on cybersecurity issues that is due in part to several large, well-publicized data breaches, a researcher says.

Sixty-three percent of boards today are actively addressing and governing computer and information security, up sharply from 33% in 2012 — the most recent year Global Cyber Risk P.L.C. CEO Jody R. Westby conducted the study through the Georgia Tech Information Security Center in Atlanta.

Governance of Cybersecurity: 2015 Report by the Washington-based cyber risk consultant is based on results from 121 board-level or senior executive-level respondents.

Driving the increase “was the whole series of events that have occurred” since Target Corp.'s breach, as well as the unsuccessful calls for votes against its directors' re-election, Ms. Westby said.

Shareholder derivative litigation filed against Target and other firms “and more willingness by courts to hear those cases” has made directors realize they are “now in the bull's-eye and they needed to pay attention to cyber and govern those risks,” Ms. Westby said.

“Much of it is self-interest,” she said. “They don't want it to happen to them. That's OK, because they're protecting their organization by trying to do a better job of managing the risk,” she said.

Among other survey results, boards also are reviewing their cyber insurance coverage more frequently. For example, 62% of boards overseeing energy firms and utilities said they reviewed their cyber coverage in this year's survey versus just 14% in 2012.

Companies are realizing they do not have a cyber risk strategy, and appropriate insurance helps them manage that risk, said Ms. Westby.

In addition, 50% of respondents said their board regularly or occasionally reviews and approves annual budgets for privacy and information technology security programs, up from 41% in 2012.