Cybersecurity is a topic of discussion at most board meetings, according to a new survey of 200 corporate directors.
The survey, conducted jointly by NYSE Governance Services and security vendor Veracode, revealed that more than 80 percent of board members say that cybersecurity is discussed at most or all board meetings.
Specifically, 35 percent said that cybersecurity was discussed at every board meeting and 46 percent said it was discussed at most meetings. Only 10 percent said they discussed cybersecurity after an incident in their industry or at their company — and only 1 percent said they never discussed cybersecurity at all.[…]
Top security concerns
The board members surveyed said that brand damage, data breach costs, and theft of intellectual property were the top concerns when it came to cybersecurity.
However, board members were less interested in specific details of how security was implemented.
Instead, 33 percent preferred to learn about corporate cybersecurity efforts in the form of high-level security strategy descriptions, and 31 percent wanted to learn about risk metrics.
Only 11 percent wanted to see peer comparisons or descriptions of specific security technologies, and only 9 percent wanted to know about the company’s audit and compliance status.
Not surprisingly, while technical skills and experience was the top quality boards wanted to see in a CISO, the rest of the qualifications looked for, in descending order, were business acumen, strong communication skills, ability to take risks, and expertise in crisis communications.
This was the first year that Veracode and NYSE Governance Services conducted the survey, so historical comparison data was not available.
Download the NYSE Survey: