Public Company Boards Increase Time & Resources on Cybersecurity, Yet Lack Mitigation Strategies

by Corporate Compliance Insights
November 2, 2015
in Cybersecurity
BDO survey identifies need to document and protect digital assets, develop cyber incident response plans and third-party cybersecurity requirements

Chicago, IL – According to a new survey by BDO USA, LLP, one of the nation’s leading accounting and consulting organizations, more than two-thirds (69 percent) of public company Board members report that their Board is more involved with cybersecurity than it was 12 months ago and a similar percentage (70 percent) say they have increased company investments to defend against cyber attacks during the past year, with an average budget expansion of 22 percent.  Despite this increase in awareness and resources, just one-third (34 percent) of corporate directors report that they have documented and developed solutions to protect their business’ critical digital assets.  Moreover, less than half (45 percent) have a cyber-breach response plan in place and only one-third (35 percent) of directors say their company has developed cyber-risk requirements for their third-party vendors.

“This year’s BDO Board Survey clearly shows that cybersecurity is moving up on the boardroom agenda.  Corporate directors report that they are being briefed more often and they are responding with increased budgets to address this critical area,” said Shahryar Shaghaghi, National Leader of Technology Services for BDO Consulting.  “Nevertheless, the survey also reveals that there is much work to be done in terms of implementation of cybersecurity mitigation strategies, as only one-third of Board members indicate they have both identified and developed solutions to protect their critical digital assets.  It is especially troubling that less than half of the directors believe their company has a cyber-incident response plan in place and only one-third have cyber-risk requirements for third-party vendors – a major source of cyber-attacks.”

More than one-fifth (22 percent) of Board members say their company experienced a cyber breach during the past two years, double the percentage of 2013 (11 percent).  This increase has clearly spurred action in corporate boardrooms.

Trending Positive

The percentages of directors reporting increased involvement in cybersecurity (69 percent) and in cyber budgets (70 percent) represent substantial increases from 2014, when 59 percent of directors cited an increase in time spent on digital security and just over half (55 percent) reported an increase in cybersecurity investments.

The vast majority of directors (87 percent) indicate that they are briefed on cybersecurity at least once a year – this includes one-third (33 percent) who are briefed at least quarterly.  This represents a substantial increase from 2014, when 71 percent reported at least an annual briefing and only one quarter (25 percent) were briefed at least quarterly.  Equally revealing, just 13 percent of Board members say they are not briefed on cybersecurity at all, compared to 29 percent last year.

At least one-quarter (28 percent) of Board members say their company has purchased cyber insurance, almost triple the percentage (10 percent) that reported purchasing this coverage in 2014.

Work to be Done

When asked about formal risk assessments of their critical digital assets, only one-third (34 percent) of directors report that they have completed documentation of their business’ critical digital assets and developed solutions to protect them, while a similar percentage (32 percent) say they’ve identified their critical digital assets, but a solution strategy is still in process.  Approximately one-fifth (19 percent) of Board members say they are still working to identify critical digital assets, while 15 percent indicate their company has done no work to identify and protect their digital assets.

Less than half (45 percent) of corporate directors say their company has a cyber-breach/incident response plan in place, compared to one-third (34 percent) who do not have a plan.  More than one-fifth (21 percent) of Board members weren’t sure whether they had such a plan.

Just over one-third (35 percent) of directors say their company has developed cyber-risk requirements that their third-party vendors must meet and only 5 percent of directors are aware of their company having to change a vendor due to cyber-risk concerns.  Since third-party vendors are one of the main sources of cyber attacks, these findings reveal a significant cybersecurity blind-spot at the Board level.

These are just a few of the findings of the 2015 BDO Board Survey, conducted by the Corporate Governance Practice of BDO USA in September 2015.  The annual survey examines the opinions of 150 corporate directors of public company Boards regarding financial reporting, executive compensation, risk management and other corporate governance issues.  For the full survey report go to 2015 BDO Board Survey.

BDO USA’s Corporate Governance Practice is a valued business advisor to corporate Boards.  The firm works with a wide variety of clients, ranging from entrepreneurial businesses to multinational Fortune 500 corporations, on a myriad of accounting, tax, risk management and forensic investigation issues.

About BDO USA

BDO is the brand name for BDO USA, LLP, a U.S. professional services firm providing assurance, tax, financial advisory and consulting services to a wide range of publicly traded and privately held companies. For more than 100 years, BDO has provided quality service through the active involvement of experienced and committed professionals.  The firm serves clients through 63 offices and more than 400 independent alliance firm locations nationwide. As an independent Member Firm of BDO International Limited, BDO serves multinational clients through a global network of more than 1,300 offices in over 150 countries.

BDO USA, LLP, a Delaware limited liability partnership, is the U.S. member of BDO International Limited, a UK company limited by guarantee, and forms part of the international BDO network of independent member firms. BDO is the brand name for the BDO network and for each of the BDO Member Firms. For more information please visit: www.bdo.com.

