cybersecurity risk assessment

The National Association of Corporate Directors (NACD) recently released the results of its flagship 2017-2018 Public Company Governance Survey, which identifies key areas of concern for corporate directors. This year's survey results contain both troubling and encouraging findings concerning the current state cybersecurity risk readiness at public companies.

Not surprisingly, the survey of 587 corporate directors of 520 public companies identified cyber security threats among the top five trends predicted to have the greatest effect on companies over the next 12 months, trailing behind only risks associated with significant industry change, business model disruption, and changing global economic conditions.

The (Somewhat) Good News

The encouraging news from the survey is that boards seem to be slowly gaining a better understanding of cybersecurity risks, enabling them to better vet and question the information they receive from corporate management about cyber risks. This year, 15 percent of directors believe that their boards have very little or no knowledge of cyber risks, compared with 22 percent in 2015. By any measure, however, 15 percent is a remarkably high number for public companies concerning this critical risk.