BDO Survey: Public Companies Lack Cyber Security Mitigation Strategies

BDO Survey: Public Companies Lack Cyber Security Mitigation Strategies

According to a new survey by Chicago-based BDO USA (FY15 gross revenue of $1.05 billion), 69% of public company board members report that their board is more involved with cybersecurity than it was 12 months ago.

A similar percentage (70%) say they have increased company investments to defend against cyber-attacks during the past year, with an average budget expansion of 22%. Despite this increase in awareness and resources, just 34% of corporate directors report that they have documented and developed solutions to protect their business’s critical digital assets, BDO reported.

Moreover, less than half (45%) have a cyber-breach response plan in place and only one-third (35%) of directors say their company has developed cyber-risk requirements for their third-party vendors.

“This year’s BDO Board Survey clearly shows that cybersecurity is moving up on the boardroom agenda.  Corporate directors report that they are being briefed more often and they are responding with increased budgets to address this critical area, said Shahryar Shaghaghi, national leader of technology services for BDO Consulting. “Nevertheless, the survey also reveals that there is much work to be done in terms of implementation of cybersecurity mitigation strategies.”

More than one-fifth (22%) of board members say their company experienced a cyber-breach during the past two years, double the percentage of 2013 (11%).

These are just a few of the findings of the 2015 BDO Board Survey, conducted by the Corporate Governance Practice of BDO USA in September 2015.  The annual survey examines the opinions of 150 corporate directors of public company boards regarding financial reporting, executive compensation, risk management and other corporate governance issues.  For the full survey report go to 2015 BDO Board Survey.