Companies with advanced cybersecurity performance have nearly four times the shareholder return of peers with more basic cyber postures, according to a new analysis by Diligent and Bitsight.
The report should be welcome news for cyber teams in SEC-regulated companies jockeying for resources as they continue to adapt to the agency’s new cybersecurity disclosure regulations.
“Cybersecurity is not just an IT problem — it is an enterprise risk that has material impact on a company’s near-term performance and long-term health, and one that management and the board needs to be up to speed on,” said Dottie Schindlinger, executive director of the Diligent Institute. “With increased pressure from regulators for organizations to demonstrate how they oversee cybersecurity, now is the time for boards and leaders to build their competency around cyber risk.”
The average total shareholder return for companies with advanced security performance ratings over five- and three-year periods was 71% and 67%, respectively, while companies in the basic performance range delivered returns of 37% and 14% over the same periods.
Other findings from the report include:
- About 76% of directors on the boards of companies with advanced security ratings are independent, compared to 66% in the basic security performance category.
- Companies with cybersecurity experts on either audit or specialized risk committees achieve an average security performance rating of 700, whereas companies with cybersecurity experts on the general board, but not on either committee, attain a security rating of 580.