Big Gap in Board Understanding Of Cyber Risks, NACD Survey Finds

Stay current on changes and developments in corporate law with a wide variety of resources and tools.

By Yin Wilczek

June 22 — Boards must significantly improve their understanding of cybersecurity risks, a National Association of Corporate Directors survey finds.

In early findings from its forthcoming “2015-2016 Public Company Governance Survey,” the NACD noted that only 11 percent of respondents believe their boards have a high level of understanding of cyber risks.

Moreover, almost one-third of the outside directors surveyed are dissatisfied with the quality of information provided by management with respect to cybersecurity and risks, while more than half are dissatisfied with the quantity of that information, NACD said in a June 22 release.

Increasing Problem 

Cybersecurity has become a top regulatory and board concern in the wake of several high-profile breaches involving companies in a diverse range of industries. Recent incidents include those at Target Corp., JPMorgan Chase & Co., Anthem Inc. and Home Depot Inc.

In the release, NACD Chief Executive Officer Ken Daly suggested that boards “recognize cybersecurity as an enterprise-wide risk management issue that should be part of every board discussion.”

The organization also recommended that directors take four other steps to improve their oversight of cyber issues:

• understand the legal implications of cyber risk;

• devote regular time on the agenda for cyber risk management;

• expect management to set up a cyber risk management framework; and

• identify which risks to avoid, accept, mitigate or transfer through insurance.


NACD Chief Marketing Officer Henry Stoever told Bloomberg BNA in an e-mail that the full results of the survey will be released at NACD's annual summit in September.

To contact the reporter on this story: Yin Wilczek in Washington at

To contact the editor responsible for this story: Ryan Tuck at

The release is available at

Request Corporate on Bloomberg Law