The survey polled board directors and executives from Forbes Global 2000 companies, and the report compares survey results from three previous surveys conducted in 2008, 2010, and 2012.
CYBER GOVERNANCE DRAMATICALLY IMPACTING BOARD EFFORTS
The survey results indicate that, since 2008, boards and executives have been making concerted efforts to address cyber risks. Highlights of the 2015 survey and comparisons against previous survey results include:
- Cybersecurity has risen to become one of the top boardroom issues, with nearly two-thirds (63%) of the survey respondents actively addressing computer and information security, up from 33 percent in 2012.
- Most boards – 53 percent – have established a Risk Committee separate from the Audit Committee, up from 8 percent in 2008; the Risk Committee has now taken over responsibility for oversight of cyber risk from the Audit Committee.
- Boards today are paying a great deal more attention to cyber insurance coverage – 48 percent of the respondents said their boards were focusing on cyber insurance, up from 28 percent in 2012.
- Boards also are placing a much higher value on risk and security experience when recruiting board directors – 59 percent of respondents said their board had a director with risk expertise, and nearly a quarter (23%) had one with cybersecurity expertise.
QUOTES
'More companies than ever before, including the financial services industry, consider cybersecurity threats a major executive-level problem and are taking significant steps to protect their customers and their businesses,' said FSR president and CEO
'The 2015 Governance of Cybersecurity report clearly reflects a sea change from the attention boards were paying to cybersecurity issues in the 2008, 2010, and 2012 surveys,' said
'It's excellent to see that corporate executives are dramatically increasing efforts to manage cyber risks. Establishing an appropriate dialogue between technical experts and the executives who can prioritize resources is essential to effectively secure an organization. However, this increased attention must be coupled with appropriate action to apply the right combination of people, technology and processes to secure computing environments; this starts with establishing a breach prevention mindset. This study provides a basis for organizations around the globe to start having more discussions on just how to achieve this,' said Ryan Gillis, vice president of Cybersecurity Strategy and Global Policy at Palo Alto Networks.
SECTOR AND GEOGRAPHY STATS SHOW GLOBAL IMPROVEMENTS
The 2015 report compares survey results across critical infrastructure sectors and geographic regions and indicates that all industry sectors increased attention to cyber issues at the board and executive levels. Key findings include:
- The financial sector far exceeds other industry sectors with 86 percent having a board Risk Committee separate from the Audit Committee, followed by the IT/Telecom sector at 43 percent.
- North American and European boards are paying significantly more attention to cyber risks (85% and 58% respectively, up from 40% and 19%), while Asian boards showed no increase in attention to these issues (38% in 2012 and 2015).
- North American board attention to cyber insurance doubled from 2012 (70% in 2015 vs. 35% in 2012), European boards had a 26 percent increase, whereas Asian boards showed a 3 percent increase.
- Most Asian boards (98%) have a Risk Committee, whereas only 43 percent of European boards and 42 percent of North American boards have one.
- The industrial and financial sectors showed the largest increase in attention to cyber issues, and all sectors showed marked improvements in engaging in best practice activities to manage cyber risks.
More detailed financial industry findings can be found in the Financial Services Roundtable press release.
TREMENDOUS PROGRESS STILL LEAVES ROOM FOR IMPROVEMENT
There is still room for improvement; the study shows key challenges remain in some critical areas:
- It is still common for CISOs to report to CIOs (40% do), even though that reporting structure can create segregation of duties issues.
- While 63 percent of respondents said their board regularly or occasionally reviewed their annual security program, only 46 percent said they had participated in a test scenario of the plan.
- Boards need to ensure their organization's security teams have the resources necessary to protect their digital assets; only 50 percent of the respondent boards are reviewing security budgets.
LIVE BROADCAST TODAY FOCUSES ON CYBERSECURITY GOVERNANCE AND STUDY
Cybersecurity governance is the focus of an FSR panel discussion today at
For more information about the panel, and to access a livestream, visit: http://livestream.com/FSRoundtable/CorporateCyberFC15.
For a full copy of the GTISC Governance of Cybersecurity: 2015 Report, visit: http://www.paloaltonetworks.com/resources/techbriefs/governance-of-cybersecurity.html.
For additional insights, visit the
ABOUT THE FINANCIAL SERVICES ROUNDTABLE
The Financial Services Roundtable represents the largest integrated financial services companies providing banking, insurance, payment and investment products and services to the American consumer. Member companies participate through the Chief Executive Officer and other senior executives nominated by the CEO. FSR member companies provide fuel for America's economic engine, accounting for
ABOUT
Located in
ABOUT PALO ALTO NETWORKS
To view the original version on PR Newswire, visit: http://www.prnewswire.com/news-releases/new-cybersecurity-governance-study-shows-dramatic-increase-in-boards-addressing-cyber-risks-300153166.html
SOURCE
FSR, Erika Reynoso, 202-589-2410, Erika.Reynoso@FSRoundtable.org, GTISC and GA Tech, Jody Westby, 202 255-2700, westby@globalcyberrisk.com, Palo Alto Networks, Jennifer Jasper-Smith, 408-638-3280, jjsmith@paloaltonetworks.com