TheCorporateCounsel.net

According to a recent survey by the WSJ and NACD completed in anticipation of the SEC’s long-awaited adoption of cybersecurity governance disclosure rules, it appears that while many companies have a cyber expert on their boards, directors aren’t entirely comfortable with their companies’ level of cyber-readiness:

Crisis management readiness is a top challenge for the board directors surveyed, with 45% of respondents indicating that this is a major concern. Sooner or later, most boards of directors will find themselves faced with a cyber crisis situation and their ability to respond could have significant effects for the future of the company. Only three in 10 respondents rated their board’s ability to oversee a cyber crisis as ‘expert’ or ‘advanced’.

Over three-quarters of respondents said their board has at least one cyber expert among the directors, but over one-third of the energy and utilities industry had no board cyber expert, which is a significant concern given the critical role played by energy and utilities companies.

Almost 2/3rds of survey respondents said that the greatest benefit of having a cyber expert as a director is improvement in the board’s general awareness of cyber risks. Unfortunately, however, less than half of respondents said that these cyber experts added other value to the board – thus making many of them “one trick ponies.”

– John Jenkins