Data Privacy & Cybersecurity » Companies That Prioritize Cyber Expertise On Their Boards Increase Shareholder Value

Companies That Prioritize Cyber Expertise On Their Boards Increase Shareholder Value

April 8, 2024


While the US Securities and Exchange Commission has long issued cybersecurity governance guidelines, adherence has been lacking, according to an article by Dark Reading. However, companies investing in cybersecurity saw nearly four times the shareholder value compared to those that didn’t.

Author David Strom cites a joint survey by Bitsight and Diligent Institute titled “Cybersecurity, Audit, and the Board” which examined over 4,000 midsized-to-large global companies, revealing a significant correlation between cybersecurity expertise and shareholder value.

The survey highlighted the importance of specialized committees with cybersecurity experts on boards for improved security posture and financial performance. Ladi Adefala, a cybersecurity consultant, emphasized the necessity of such committees after observing deficiencies in board oversight during his tenure at a Fortune 500 company.

Despite growing awareness, many public companies have neglected cybersecurity governance. The Bitsight report underscored the effectiveness of separate board committees focusing on risk and audit compliance in addressing cybersecurity challenges. However, integrating cybersecurity specialists into existing structures remains crucial for success.

Furthermore, the survey identified discrepancies in cybersecurity expertise among industries, with healthcare and financial services ranking highest and industrial companies lowest. Still, only a small percentage of companies, including 12% of S&P 500 firms, have cybersecurity specialists on their boards.

Strom also cites another study highlighting governance gaps in achieving lasting cyber resilience and limited interactions between board members and Chief Information Security Officers (CISOs), emphasizing the need for boards to discuss cybersecurity-induced risks and mitigation plans.

Ultimately, leveraging cybersecurity is a strategic asset for revenue generation or operational agility, rather than merely an operational necessity.

Daily Updates

Sign up for our free daily newsletter for the latest news and business legal developments.

Scroll to Top