With 1,517 publicly-traded U.S. organizations to date submitting securities filings with the terms “data breach,” “hacking,” “cybersecurity” and “hacker” as potential business risks according to a Wall Street Journal analysis, cyber threats are getting more attention. If you compare this to 2012, you will find a 42% increase in the number of organizations listing these terms as business risks. Combine this increase with media coverage of familiar companies like Target, eBay and Michael’s who have fallen victim to cybersecurity breaches, it is not surprising that corporate boards are focusing on cyber threats and asking the C-suite what steps are being taken to prevent potential breaches.
Regardless of size and industry, companies with an IT infrastructure connected to the Internet possess this vulnerability. The boards that have recognized the impact of this vulnerability have been more involved in laying the foundation to address it. At Kellogg’s, the board regularly discusses cybersecurity at its meetings to deal with concerns that hackers might find a way to steal intellectual property for Kellogg’s cereals and snack foods. In anticipation of this issue, Kellogg’s board set up a security group and hired its first chief information security officer back in 2012.
In addition to Kellogg’s, other notable companies are taking action to shore up cyber defenses. According to the Wall Street Journal, Exxon Mobile regularly tests employees to determine if they respond to phishing emails. Delta Air Lines even added a board member who possesses expertise in IT security. These actions align with the research of Enterprise Strategy Group that found 69% of security professionals report boards and executive management are more engaged in cybersecurity awareness and strategy than they were two years ago. Although this finding is encouraging, it is not sufficient to completely allay concerns. Given the potential consequences of cybersecurity breaches, this increase in engagement needs to continue to be a regular part of boardroom and executive team agendas. For more information, see the Fortune magazine interview with Cisco’s chief security officer.