As The Wall Street Journal reports, citing research by its own WSJ Pro Research team, 107 directors at 113 companies in the broad Standard & Poor’s 500 index had professional cybersecurity experience at the end of August. These directors collectively held 124 S&P 500 board seats between them. That’s up from 86 directors at 91 companies holding a total of 100 board positions in November 2022, according to WSJ Pro Research.
Jamil Farshchi, chief information security officer at Equifax and a board director at UKG, told the Journal that the rise was likely down to increasing recognition of the long-term business significance of cybersecurity. A rule adopted by the Securities and Exchange Commission in July also encouraged boards to include members with cybersecurity backgrounds.
Another new study corroborates the relatively low level of cybersecurity expertise in corporate boardrooms. As Security Magazine reports, research by NightDragon and Diligent has found that only 12% of S&P 500 companies have an expert with specialized cybersecurity experience on their boards. What’s more, 57% of S&P 500 companies lack specialized experience in other technology categories.
Unsurprisingly, then, as Infosecurity Magazine reports, new research by cybersecurity consultancy Savanti has found that board members often struggle to understand cybersecurity risk.
In another WSJ Pro Research poll conducted earlier this year with the National Association of Corporate Directors, 76% claimed that their board had one or more members with cybersecurity expertise. Indeed, 19% claimed to have three or more cybersecurity experts on their board.
Shamla Naidoo, head of cloud strategy at cybersecurity company Netskope and former CISO of IBM, told the Journal that given the impracticality of having a cybersecurity specialist on every board, the goal should be “a cyber-savvy boardroom with numerous knowledgeable directors.”