Cybersecurity is a topic of discussion at most board meetings, according to a new survey of 200 corporate directors.
The survey, conducted jointly by NYSE Governance Services and security vendor Veracode, revealed that more than 80 percent of board members say that cybersecurity is discussed at most or all board meetings.
Specifically, 35 percent said that cybersecurity was discussed at every board meeting and 46 percent said it was discussed at most meetings. Only 10 percent said they discussed cybersecurity after an incident in their industry or at their company — and only 1 percent said they never discussed cybersecurity at all.
“It’s become a really serious issue,” said Chris Wysopal, CTO and co-founder at Veracode, a security vendor. “It’s not just an IT issue, or a policy issue, or a compliance issue. It’s becoming a corporate risk issue.”
According to the survey, the board members held the CEO primarily responsible for cybersecurity, with the CIO as the second-most responsible executive.
One example of this is last year’s resignation of Target’s CEO and CIO after that company’s highly-publicized data breach.
This bodes well for corporate security, he said.
“That means you’re going to see the security get a larger budget,” he said. “But also, more importantly, be an issue that the whole company is going to be charged with solving, not just the IT department or CISO.”
However, 66 percent of board members are not confident of their companies’ ability to defend themselves against cyberattacks. Only 4 percent said they were “very” confident…