Enhancing Board Cybersecurity Disclosures – EY Report

August 29, 2023  

Enhancing Board Cybersecurity Disclosures: EY’s Findings and Insights

EY’s latest analysis, “What board cyber disclosures are telling shareholders in 2023,” explores the evolving landscape of cybersecurity disclosures within Fortune 100 companies over six years. The report emphasizes the rising significance of understanding cybersecurity risks, particularly in the context of AI technologies. Here’s a concise breakdown of key findings and their relevance to cybersecurity and the board:

1. Growing Emphasis on Management Reporting:

• Disclosures on management reporting to the board about cybersecurity rose remarkably to 87% in 2023 from 55% in 2018.
• This reflects a heightened focus on conveying cybersecurity insights to the board and across other levels of management, which is vital to address ongoing cyber threats.

2. Identification of Key Cybersecurity Personnel:

• Designating individuals responsible for board reporting, often the CISO or CIO, surged to 57% in 2023, up from 23% in 2018.
• This signifies the importance of AI-related roles in reporting cybersecurity risks and actions to the board.

3. Strengthened Frequency and Expertise Disclosure:

• Enhanced disclosure of the frequency of management to board reporting, from 37% in 2018 to 83% in 2023, emphasizes real-time vigilance against AI-driven cyber threats.
• Cybersecurity expertise sought on the board amplified to 61% in 2023 from 20% in 2018, acknowledging the need to tackle new cyber risks holistically.

4. Board-Level Committee Oversight and Alignment:

• The allocation of cybersecurity oversight to board committees spiked to 91% in 2023, up from 72% in 2018, signifying recognition of changing environments and AI’s role in cyber defense.
• More companies disclosed alignment with external security frameworks like NIST, ISO and others (25% in 2023, up from 1% in 2018).

5. Role of Director Skills and External Advisors:

• Director expertise in cybersecurity expanded to 61% in 2023 from 20% in 2018, in alignment with growing cybersecurity preparedness.
• Use of external independent advisors rose to 45% in 2023 from 15% in 2018, as part of the new SEC rules requirement in disclosing who assesses, identifies and manages risks from cybersecurity threats.

6. Response Readiness and Disclosure Practices:

• Cyber incident simulations and disclosure rate increased to 16% in 2023, from 3% in 2018, vital for cybersecurity crisis management.
• Adequate cybersecurity breach simulations, now including AI breaches, are essential for ensuring board readiness.

Despite these risks, 35% of board directors polled in an EY analysis say they lack an understanding of the AI-related risks their companies face. Organizations need a board-approved strategy on evolving technologies (e.g., generative AI). – Pat Neimann, EY

In conclusion, EY’s 2023 report illuminates the steady rise in cybersecurity disclosures among leading companies, underscoring the pivotal role of understanding cyber and upcoming AI-related risks. Effective cybersecurity practices, transparent cyber incident disclosures, and vigilant board oversight are critical components of navigating the evolving cybersecurity landscape and ensuring a resilient defense against potential AI-driven threats.

Reference: EY’s “Comparing Cybersecurity Disclosures and Board Oversight Trends” analysis.

To navigate the complex landscape of AI security effectively, staying informed and equipped with the right knowledge and tools is crucial. At cyberconIQ, we specialize in providing comprehensive Security Awareness Training, including new AI Security Awareness content and resources to help with the safe usage of ChatGPT and other LLMs.

Our patented approach to cyber awareness is changing the Security Awareness Training market, empowering individuals and organizations to proactively address emerging threats. Discover how our innovative training programs can help you build a strong defense and embrace a secure and resilient AI-powered future. If you would like to learn more about what we do, contact us today.