For those considering creation of a stand-alone board Cybersecurity Committee in lieu of allocating cybersecurity oversight to another standing committee (most typically, the Audit Committee) or the full board, accounting firm Kral Ussery identifies in this article: "Governing Cybersecurity - Cybersecurity committees on the rise" ten standing board Cybersecurity Committees disclosed in proxy statements filed within the past three months - six of which are associated with technology companies.
Sample committee charters include:
According to the most recent Society/Deloitte Board Practices Report, cybersecurity oversight was most commonly delegated to the Audit Committee (54%), although oversight at the full board level represented a significant minority (23%). Relatively few companies reported having a stand-alone Cybersecurity Committee, although - based on the continued expansion of the Audit Committee workload and cybersecurity risks and associated trends, we may likely see an uptick in such committees or, at a minimum, alternatives to oversight by the Audit Committee.
|
This post first appeared in last week's Society Alert! Access numerous additional resources here (Board Cybersecurity Oversight), here (Cybersecurity/Data Privacy Surveys) and here (Board/Governance Practices).
|