Deloitte and the Society for Corporate Governance have published the newest Board Practices Quarterly, with this issue exploring how corporate boards oversee cybersecurity and cyber risk — including matters relating to board composition and structure, management’s reporting to the board, board information sources and shareholder engagement — as well as voluntary corporate disclosure practices.
Key findings include:
- Cyber experience: About 70 percent of large-cap, mid-cap and private companies report having one or more board members with cyber experience. Among public companies, 11 percent said cyber experience is a top recruitment priority in the next one to two years, whereas no private companies reported this as a recruitment priority.
- Frequency of cyber and cyber risk on full board meeting agendas: Cyber is on the agenda annually for 40 percent of large-cap and 52 percent of mid-cap companies. Nearly 77 percent of private companies said that cyber and cyber risk is on the full board meeting agenda annually.
- Board resources: More than 90 percent of large- and small-cap companies and 85 percent of mid-cap and private companies cited management expertise as the most common resource the board uses to stay current on cyber risk.