Knowledge center Blog Home

Equilar Blog

On Guard: Cybersecurity in S&P 500 Boardrooms, Part 1

October 16, 2015

High profile data breaches grab headlines and deservedly so—exposure of private, proprietary information puts businesses, investors, and consumers at risk. Corporate and large organizational data breaches are increasing in both frequency and magnitude, as illustrated in this interactive infographic by information is beautiful. Indeed, the cultural shift towards the virtual world has many suggesting the protection of data and network systems should be top-of-mind for corporate boards.

We previously highlighted an analysis of CEOs with relevant cybersecurity background and experience. Recognizing that the CEO’s direct contribution to mitigating cyber-risk represents only one piece of the data security puzzle, this post examines board of director committees in the S&P 500 for responsibilities and oversight of cyber-, information-, and data-security. In part one of a multi-post series, this investigation details the overall prevalence of committees tasked with oversight of cybersecurity and how those responsibilities are designated in board “technology” committees—where logic says we might expect to see them.

Out of all S&P 500 board committees, 35 companies described cyber-risk oversight or data security as a key committee responsibility, according to Equilar’s study. Although 35 companies may seem substantial, the fact remains that 93% of S&P 500 companies do not explicitly task a board committee with oversight of cybersecurity risk.

Interestingly, however, although board technology committees are reasonably common in the S&P 500, relatively few of them are tasked with oversight of cybersecurity. While just over 10% of S&P 500 Boards have a designated technology committee—or 52 companies total, according to Equilar—just five explicitly oversee cyber-risk. Put another way, only 1% of S&P 500 companies task a technology committee specifically with data security oversight.

If cybersecurity responsibility doesn’t live within technology committees, then who is driving oversight of cyber-risk? Our next installment will take a deep dive into the specific committees tasked with overseeing data security, despite the fact that no independently standing cybersecurity committees exist in the S&P 500 universe. Stay tuned.

For more information on Equilar’s research and data analysis, please contact Dan Marcec, Director of Content & Marketing Communications at

The data in this article is powered by Equilar’s BoardEdge, a new data platform that features detailed information on more than 135,000 U.S. board members. BoardEdge not only includes more than a dozen categories about each board member’s background and leadership experience, but also features a network tool clearly displaying how board members are connected to each other. This last feature—connection—is unavailable in the marketplace, and it provides investors and companies a direct application of the data for board assessment, planning and networking.

For more information on BoardEdge, or to request a demo, click here.

Previous post Next post

Media Inquiries

(650) 241-6655

executive insider

Subscribe to our Newsletter to stay informed about upcoming events and webinars.