Research by Diligent and Bitsight shows that companies with advanced cybersecurity performance have nearly four times higher shareholder returns than their peers

Author: China Power Grid

New research shows that cybersecurity is an organization-wide issue, and increased board oversight improves cybersecurity performance

Chief Information Security Officer--(BUSINESS WIRE)--A new report shows that companies with advanced cybersecurity performance deliver 372% higher shareholder returns compared to their peers with basic cybersecurity performance. The report, from Diligent and Bitsight, also shows that highly regulated industries such as healthcare and financial services have the highest cybersecurity ratings. Companies with either a dedicated risk committee or an audit committee have better cybersecurity performance, with ratings of 710 and 650, respectively, compared to companies that have neither a dedicated risk committee nor an audit committee.

Dottie Schindlinger, Executive Director of the Diligent Institute, said: "These findings show that cybersecurity is not just an IT issue, it is a corporate risk that has a significant impact on the company's near-term performance and long-term health, and must be taken seriously by management and boards. With increasing pressure from regulators to require organizations to demonstrate their approach to cybersecurity oversight, now is the time for boards and leaders to build relevant capacity around cyber risk."

Dr. Homaira Akbari, CEO of AKnowledge Partners, member of the Board of Directors of Banco Santander and Landstar System, and member of the Advisory Board of Bitsight, added: "Cybersecurity is no longer simply about risk reduction, it is now a key indicator of financial performance. Companies must make cybersecurity a cornerstone of their business strategy, guided by clear, ambitious benchmarks and fully supported by the Board of Directors."

In the Cybersecurity, Audit & Board report, Diligent and Bitsight analyzed more than 4,000 large and mid-sized companies in the Global Public Index. Other findings include:

Companies with significantly stronger cybersecurity performance outperform their peers in terms of financial performance

· Over five- and three-year periods, companies with advanced security performance ratings had average total shareholder returns (TSRs) of 71% and 67%, respectively, compared to TSRs of 37% and 14% for companies with basic security performance ratings over the same periods.

· Companies with a higher number of independent directors are more likely to receive an advanced security rating. About 76 percent of the directors on the boards of companies with advanced security ratings are independent, compared to 66 percent in the basic security performance category.

Companies with dedicated risk committees or audit committees perform better in cybersecurity

· The median cybersecurity rating for companies with a dedicated risk committee was 730, while the median cybersecurity rating for companies with only an audit committee was 720, indicating that there was no significant difference in the ability of audit committees to oversee cyber risk compared to dedicated risk committees.

· It is not enough to have only one cybersecurity expert on an ordinary committee; these experts need to be directly involved in cyber oversight. Companies with cybersecurity experts on audit committees or specialized risk committees have an average security performance rating of 700, while companies with cybersecurity experts on ordinary committees but no security experts on any of the above committees have a security rating of 580.

Highly regulated industries outperform other industries in cybersecurity

· The healthcare industry has the highest overall average security rating, at 730. Of the companies that received a high security performance rating, 33% were from the financial services industry, with an average rating of 720.

· In contrast, 24% of companies with basic security performance ratings are from the industrial sector, and the communications sector has the lowest overall performance rating, at 630.

Derek Vadala, Chief Risk Officer at Bitsight, said: "Research shows that market-leading companies that prioritize cyber risk management outperform their peers. This outcome is not possible without a deep understanding of cybersecurity performance and clear benchmarks shared across the executive team and board. The role of the CISO has shifted. Cyber risk is a critical component of business performance."

Analytical Methods

The analysis included 4,149 large and medium-sized companies in the public indices of Australia, Canada, France, Germany, Japan, the United Kingdom and the United States. Diligent correlated each company's network oversight structure with its corresponding security performance data obtained from Bitsight. The association method involves averaging the ratings in each category to identify recognizable patterns. Bitsight creates a cybersecurity rating based on externally observable measurements of an organization's security posture.

About Diligent:

Diligent is a leading GRC SaaS company that helps more than 1 million users and more than 700,000 board members and leaders make better decisions faster. The Diligent One platform helps organizations connect their entire GRC practice, including governance, risk, compliance, audit, and ESG, to articulate complex risks, stay ahead of regulatory changes, and deliver impactful insights in one consolidated view. For more information, please visit diligent.com.

About Bitsight:

Bitsight is a global leader in cyber risk management, transforming the way organizations manage their own and third parties' exposures, performance, and risk. Companies rely on Bitsight to prioritize cybersecurity investments, build greater trust within their ecosystem, and reduce the chance of financial losses. Bitsight's comprehensive solutions are built on more than a decade of market-leading innovation to bring value to enterprise security performance, digital supply chain, cyber insurance, and data analytics. For more information, visit bitsight.com or connect with us on LinkedIn.

Disclaimer: The original version of this announcement is the officially authorized version. Translations are provided for convenience only, please refer to the original version, which is the only legally binding version.

View source version press release on businesswire.com: https://www.businesswire.com/news/home/20240326498371/zh-CN/

CONTACT:

Julia Hanbury

Senior Communications Manager, Diligent
