There has been a dramatic increase in the number of boards actively addressing cybersecurity risks at Forbes Global 2,000 companies, with the financial industry a leader, according to a new 2015 Governance of Cybersecurity report.
Conducted by the Georgia Tech Information Security Center with support from the Financial Services Roundtable (FSR), Palo Alto Networks and Forbes, the study surveyed respondents at the board or senior level from Forbes Global 2,000 companies. It is a follow-up to three prior surveys, in 2008, 2010 and 2012, which measured trends and improvements in cyber governance at the boardroom level.
“Cybersecurity threats are a major, executive-level issue and companies are taking significant steps to better protect their customers and their businesses,” said FSR President & CEO Tim Pawlenty.
Cybersecurity is now a boardroom-level issue for nearly two-thirds (63 percent) of the companies surveyed, which is a significant jump from 2012 when only 33 percent of boards were actively addressing computer and information security. The study further found the financial services industry is one of the leading industries in cybersecurity improvements and focus.
“The industry had one of the largest improvements in its cybersecurity focus, with a 35 percent increase, and the percentage of financial sector boards considering cyber risks when reviewing supplier relationships shot up to 64 percent from 38 percent in 2012,” the report’s announcement stated, noting that, “The financial sector is the only sector to have 100 percent Chief Risk Officers, who play a key role in the overall cybersecurity outlook of financial institutions and businesses.”
Financial sector boards also had more board Risk/Security Committees and IT/Technology committees than any other sector in both the 2012 and 2015 surveys, and the sector leads in the percentage of CISOs it employs (88 percent). The financial sector far exceeds other industry sectors in having a board Risk Committee separate from the Audit Committee, with 86 percent of boards in the financial sector having a separate Risk Committee.
“The 2015 Governance of Cybersecurity report clearly reflects a sea change from the attention boards were paying to cybersecurity issues in the 2008, 2010, and 2012 surveys,” said Jody Westby, author of the series of survey reports and CEO of Global Cyber Risk, LLC and adjunct professor at Georgia Institute of Technology. “This report shows that, for the first time, directors and officers understand they have a fiduciary duty to protect the digital assets of their companies and are paying more than cursory attention to cyber risks; it is a welcome change that will help protect shareholders and customers.”
“It’s excellent to see that corporate executives are dramatically increasing efforts to manage cyber risks,” said Ryan Gillis, vice president of Cybersecurity Strategy and Global Policy at Palo Alto Networks. “Establishing an appropriate dialogue between technical experts and the executives who can prioritize resources is essential to effectively secure an organization. However, this increased attention must be coupled with appropriate action to apply the right combination of people, technology and processes to secure computing environments; this starts with establishing a breach prevention mindset. This study provides a basis for organizations around the globe to start having more discussions on just how to achieve this.”
To read Palo Alto Networks’ statement on the study, visit the Palo Alto Networks Research Center here: http://researchcenter.paloaltonetworks.com/2015/10/all-eyes-on-the-boardroom.
To read the Georgia Tech Information Security Center’s statement on the study, contact Adjunct Professor Jody Westby at firstname.lastname@example.org.