Posted Aug 15, 2012 10:07 am CDT
For the first time in 12 years of surveying general counsel and corporate directors of public companies, data from the “Law and the Boardroom Study” show that data security is the top concern.
The annual survey by FTI Consulting and Corporate Board Member reached out to 1,957 general counsel and 11,340 corporate directors.
The results show that 55 percent of general counsel and 48 percent of directors list data security as their primary concern, outpacing operational risk and reputation, according to a story by Corporate Counsel and the FTI Consulting report.
So what are companies doing about this concern?
Even though data security is top of mind, Corporate Counsel notes that less than half of directors reported having a formal, written crisis management plan for data. More than a quarter reported having no such written plan. and another third were uncertain.
“The real head scratcher, though, is that even in the absence of having a formal crisis-management plan (or at least just knowing whether the company has one), the vast majority of respondents are still comfortable with their ability to respond to a cyberattack,” Corporate Counsel notes, pointing out that the report indicates, “Seventy-seven [percent] of directors and general counsel believe their company is prepared to detect a cyber breach should one occur.”
One director quoted in the report predicts it will take several well-publicized security breaches before a majority of corporate boards do more to create and implement crisis plans.
Corporate Counsel points to another industry, a government entity in fact, that is pushing for better security. The Department of Energy is encouraging power companies to create separate boards devoted solely to cyber-risk governance.