This level of concern with data security is nearly double the level in 2008, when only 25% of directors and 23% of general counsels listed it as an area of high concern.
Other top concerns of corporate general counsels and directors were operational risks and loss of reputation, according to the survey of 11,340 directors and 1,957 general counsels conducted by FTI Consulting.
“Today, there is arguably no more insidious threat to a public company than that of cyber risk; it’s invisible, ever-changing, and pervasive—making it very difficult for boards to manage. On top of that, it’s costly”, observed FTI’s Legal Risks on the Radar study.
One-third of respondents believe their board is not effective at managing cyber risk; this was one of the least effective ratings among 13 risk management areas surveyed.
The survey also measured disaster planning and business continuity preparedness in the event of a cyberattack. When asked if their company had instituted a plan that would manage a cyber breach or attack should one occur, 42% of directors said their company has a formal, written crisis management plan for that purpose; 27% said their company has no such written plan; and 31% were uncertain.