Shearman & Sterling's recently-released and always highly-anticipated report on its annual Corporate Governance & Executive Compensation survey contains an abundance of benchmarking data for the 100 largest US public companies, as well as a focused review of and practical guidance and tips on a number of hot topics - including corporate culture, cybersecurity, board diversity, #MeToo developments, and voluntary proxy statement & website board/governance practices disclosures.
The report's deep dive on board cybersecurity oversight is particularly share-worthy in view of the pervasive cyber threats, the SEC's recently-updated disclosure guidance, and the presumably associated evolving practices in this area.
Key year-over-year benchmarking results include:
- 84 companies disclosed in their 2018 proxy statements that the board and/or a board committee had responsibility for cybersecurity matters, compared to 59 in 2017.
- 35 specifically identified directors with cybersecurity or data security experience - up from 29 in 2017.
- 85 companies identified cybersecurity as part of the board's oversight role over risk management, compared to 58 in 2017.
- 70 companies in 2018, compared to 53 in 2017, attributed responsibility for cybersecurity and/or data security/privacy to the board and board committee. The number of companies that didn't address board/committee responsibility at all dropped dramatically from 41 in 2017 to 16 in 2018.
- For those companies citing committee involvement, the Audit Committee remained the most popular (61 companies in 2018 vs. 41 in 2017), followed by Risk (13 companies vs. 9 in 2017).
|
Access numerous additional benchmarking resources on our Board/Governance Practices page. This post first appeared in this week's Society Alert!
|