In September 2020, Deloitte and the Society for Corporate Governance announced the collaborative launch of the Board Practices Quarterly, a new series of periodic reports based upon brief surveys of Society members. The Quarterly replaces our long-standing Board Practices Report to bring you insights and benchmarking data more frequently.
With breaches continuing to dominate the headlines, cyber-security and cyber risk remain among the top areas of investor, regulator, consumer, and other stakeholder focus, with growing pressure for businesses of all types and sizes to articulate how they are actively managing and mitigating the risks. Boards are expected to be well-informed about their company’s cyber posture and to demonstrate effective oversight. These pressures and expectations have multiplied with new challenges prompted or accelerated by the COVID-19 pandemic, such as remote work, increased use of personal devices, use of new technologies that may lack security protections, budget and resource constraints, and expanded scope cyberattacks that have flourished in the changed environment.
This issue of the Board Practices Quarterly presents findings from a March 2021 survey of in-house members of the Society for Corporate Governance about how their companies’ boards oversee cybersecurity and cyber risk—including matters relating to board composition and structure, management’s reporting to the board, board information sources, and shareholder engagement—as well as voluntary corporate disclosure practices.