Cybersecurity oversight disclosures: what companies shared in 2024

URL:

https://www.ey.com/en_us/board-matters/cyber-disclosure-trends?WT.mc_id=10863628&AA.tsrc=paidsearch&s_kwcid=AL!10073!3!729302783649!p!!g!!cyber%20risk&gad_source=1&gad_campaignid=22137856000&gbraid=0AAAAACSW8QiZlOgC_Jc2V_UK5AozUnYzX&gclid=Cj0KCQjw2ZfABhDBARIsAHFTxGwKQ3i8Fd8bZUG0SUNeR2iap6Vd9tBTDbMazIErz1ziOeb8qhiJ9bkaAglWEALw_wcB

Abstract:

This report analyzes the changing trends in cybersecurity disclosures among Fortune 100 companies from 2018 to 2024, providing investors with “a wide variety of cybersecurity risk management and oversight information, including how the board is governing cyber risk”.
As cyber threats have become more frequent and sophisticated, an increasing number of companies are appointing at least one board member with cybersecurity expertise. Education and training initiatives to address these threats have also grown significantly, rising from 15% in 2018 to 82% in 2024. Similarly, collaboration with external experts increased from 6% in 2018 to 28% in 2024. These trends reflect the growing demand for both internal and external cybersecurity expertise within companies.
Additionally, the report shares ten “leading practices” to help boards navigate challenges. These practices include: “elevating the tone from the top, maintaining diligence, determining value at risk, leveraging new analytical tools, embedding security from the start, conducting independent assessments, evaluating third-party risk, testing response and recovery protocols, understanding escalation procedures, and monitoring the regulatory and policy landscape”. For each of these practices, the report offers concrete, actionable recommendations.

Author:

Barton Edgerton, Pat Niemann

Year:

2024

Domain: Cybersecurity & Sustainability

Dimension: Scientific & Technology Responses

Region: North America

Data Type: Reports