Following the slew of major cyberattacks reported in 2014—the Year of the Breach, according to Forbes—cybersecurity has become a boardroom-level conversation on an unprecedented scale.
The resignation of Target’s CEO and CIO following that company’s breach shows that responsibility is no longer being placed solely upon the CISO, but rather across the entire C-suite. In addition, high-profile vulnerabilities such as Heartbleed and Shellshock illustrate how much businesses rely on widely used open-source and third-party software components that have not been properly vetted for security. Yet there has been little visibility into the role the board is playing in addressing cybersecurity risk for companies.
To that end, NYSE Governance Services, in partnership with Veracode, surveyed nearly 200 directors of public companies representing a variety of industries—including financial services, technology, and health care—to discover how they view cybersecurity in the boardroom. Our goal was to gain insight into how cybersecurity is being understood, prioritized, and addressed at the board level.
2015 Energy Industry Cybersecurity Report
Strategic Cybersecurity: A Toolkit for Prioritizing, Coordinating, and Transforming Your Cybersecurity Program