CYBER TRENDS
committees, indicating there is no significant difference in the ability of an audit committee to oversee cyber-risk compared with a specialised risk committee.
• Analysis of the FTSE 100 and FTSE 250 companies in the UK revealed that almost half (48%) have a specialised risk committee, the second-highest proportion globally, behind Australia's ASX 300. As with France's CAC 40, 100% of FTSE 350 companies were found to have an audit committee, which is in line with regulatory requirements.
• Having a cybersecurity expert on the general board is not enough: those experts need to be directly involved in cyber oversight. Companies with cybersecurity experts on either the audit or the specialised risk committee achieve an average security performance rating of 700, whereas companies with cybersecurity experts on the general board, but on neither committee, attain an average rating of 580.
• Despite the UK's strong cyber performance, just 3% of UK companies have a cyber expert on their board, supporting the finding that an expert's presence alone does not necessarily correlate with a higher security performance rating.
Methodology
The analysis covers 4,149 mid- to large-cap companies in public indices across Australia, Canada, France, Germany, Japan, the United Kingdom and the United States. Diligent correlated each company's cyber oversight structure with its corresponding security performance data, obtained from Bitsight. The correlation method involved averaging the ratings within each category to identify discernible patterns. Bitsight creates cybersecurity ratings based on externally observable measurements of an organisation's security posture.
Highly regulated industries outperform other industries in cybersecurity performance
• The healthcare sector had the highest average security rating overall, at 730. Of the companies with advanced security performance ratings, 33% came from the financial services sector, which had an average rating of 720.
• By comparison, 24% of companies with basic security performance ratings came from the industrials sector, and the sector with the lowest overall average rating was the communications sector, at 630.
"The research shows that market-leading companies that prioritise cyber-risk management outperform their peers," said Derek Vadala, Chief Risk Officer, Bitsight.
"This cannot be achieved without a strong understanding of cybersecurity performance and clear benchmarks shared across the executive team and board. The role of the CISO has shifted. Cyber-risk is a key component of business performance."
WWW.INTELLIGENTCISO.COM 21