Knowledge center
Blog Home
Equilar Blog
On Guard: Cybersecurity in S&P 500 Boardrooms, Part 1
October 16, 2015
High profile
data breaches
grab headlines and deservedly so—exposure of private, proprietary information puts businesses, investors, and
consumers at risk. Corporate and large organizational data breaches are increasing in both frequency and magnitude,
as illustrated in this interactive
infographic by
information is beautiful. Indeed, the cultural shift towards the virtual world has many suggesting the protection of data and network systems
should be top-of-mind for corporate boards.
We previously highlighted an analysis of CEOs
with relevant cybersecurity background and experience. Recognizing that the CEO’s direct contribution to mitigating cyber-risk represents
only one piece of the data security puzzle, this post examines board of director committees in the S&P 500 for responsibilities and
oversight of cyber-, information-, and data-security. In part one of a multi-post series, this investigation details the overall prevalence
of committees tasked with oversight of cybersecurity and how those responsibilities are designated in board “technology” committees—where
logic says we might expect to see them.
Out of all S&P 500 board committees, 35 companies described cyber-risk oversight or data security as a key committee responsibility,
according to Equilar’s study. Although 35 companies may seem substantial, the fact remains that 93% of S&P 500 companies do not
explicitly task a board committee with oversight of cybersecurity risk.
Interestingly, however, although board technology committees are reasonably common in the S&P 500, relatively few of them are tasked
with oversight of cybersecurity. While just over 10% of S&P 500 Boards have a designated technology committee—or 52 companies total,
according to Equilar—just five explicitly oversee cyber-risk. Put another way, only 1% of S&P 500 companies task a technology
committee specifically with data security oversight.
If cybersecurity responsibility doesn’t live within technology committees, then who is driving oversight of cyber-risk? Our next
installment will take a deep dive into the specific committees tasked with overseeing data security, despite the fact that no
independently standing cybersecurity committees exist in the S&P 500 universe. Stay tuned.
For more information on Equilar’s research and data analysis, please contact Dan Marcec, Director of Content & Marketing
Communications at
dmarcec@equilar.com.
The data in this article is powered by Equilar’s BoardEdge, a new data platform that features detailed information on
more than 135,000 U.S. board members. BoardEdge not only includes more than a dozen categories about each board member’s
background and leadership experience, but also features a network tool clearly displaying how board members are connected
to each other. This last feature—connection—is unavailable in the marketplace, and it provides investors and companies a
direct application of the data for board assessment, planning and networking.
For more information on BoardEdge, or to request a demo, click here.