The plethora of high-profile data breaches witnessed in the last year certainly lead to increased security awareness, but are corporate directors satisfied with the security processes in place by their own organization?
A recent survey performed by the National Association of Corporate Directors (NACD) shows a significant dissatisfaction among directors regarding the lack of proper cyber and IT risk information provided to the board.
The NACD 2014-2015 Public Company Governance Survey released in December compiled perspectives on governance trends and best practices from more than 1,000 corporate directors.
Of the respondents, more than one-third (36 percent) claimed they were not satisfied with the quality of information from management, while more than half (52 percent) reported the quantity of information was insufficient.
“The indicated lack of information regarding cyber risk may pose a problem even for directors knowledgeable about cyber issues,” said the NACD report. “Although most respondents indicated that they had at least some knowledge regarding cybersecurity risks, many felt they could still improve their understanding.”
Another key finding from annual survey revealed directors’ desire to overhaul their companies’ risk oversight process.
Nearly one in four (24 percent) directors stated “their boards have not assigned risk oversight to the correct group.” About half of respondents (48 percent) also reported their organization’s risk oversight falls under the responsibility of the audit committee. Meanwhile, 34 percent of respondents stated the responsibility is fully assigned to the board.
However, only 30 percent of respondents believe their boards should delegate risk oversight tasks to the audit committee and 52 percent believe it should be assigned to the full board.
“As we continually hear from our members, and as this survey bears out, concerns about cyber risk are top-of-mind for directors today,” said NACD President and CEO Ken Daly.
Other key findings from this year’s survey included:
- Boards are now spending more time on board responsibilities—an average of 278 hours per year.
- Boards are responding to shareholders’ concerns, including executive compensation.
- Boards’ use of formal CEO succession plans is increasing.
To read more, the survey is available for purchase at www.NACDonline.org/survey.