How does board oversight impact cybersecurity performance?

The rapid escalation in the frequency and severity of cyber incidents has positioned cyber risk as one of the foremost challenges confronting boards. With cyber threats becoming increasingly sophisticated and pervasive, boards are under mounting pressure to effectively address cybersecurity risks to safeguard their organizations’ interests. However, the approaches boards take to address cyber risk vary, prompting questions about the effectiveness of different governance structures and strategies.

Diligent Institute and Bitsight, recognizing the need for deeper insight into board practices regarding cybersecurity oversight and the impact they have on organizations, set out to better understand how boards are addressing cyber risks and the outcomes of these approaches. Through this report, we aim to shed light on several key questions:

  • Is there a relationship between cybersecurity performance and financial performance?
  • Do companies demonstrate better performance in cybersecurity when specialized committees are established for oversight, versus assigning cyber risk oversight to the audit committee?
  • Does audit committee oversight of cyber risk correlate with security performance?
  • Does the presence of cyber experts on boards correlate with security performance?
  • What else might we learn about cyber risk governance from companies that have high security performance ratings?

By addressing these questions, we aim to provide actionable insights that can inform best practices in corporate governance and enhance the structural oversight of cyber risk.