Prompted by the SEC’s proposed cybersecurity rules, which would require disclosure of directors with “cybersecurity expertise,” the Wall Street Journal analyzed the publicly available professional profiles of 4,621 S&P 500 directors for relevant experience within the last 10 years. (Experience prior to 2012 was not considered sufficiently relevant based on the passage of time.) Subject to definitional challenges associated with the terminology (see page 44 of the SEC’s proposing release), the analysis, based on data as of November 1, 2022, revealed the following:
- Of the 4,621 director profiles analyzed, 86 directors were deemed to have relevant cybersecurity experience. These 86 directors held 100 board seats at 91 companies as of November 1.
- Cybersecurity experience is most heavily concentrated at financial services and information technology companies (25 directors each, as shown below).
- Among the 86 directors, 38% were professionally active in cybersecurity roles in 2022.
- Seventy-three directors have direct professional experience in IS, IT, or other applicable roles; nine directors have led a cybersecurity company; and four directors have experience working in a cybersecurity leadership role in a government, military or intelligence agency.
As previously reported (see “SEC Investor Committee), this proposed board/director expertise disclosure was widely critiqued and unsupported by companies and investors alike.
Access additional resources on our Cybersecurity/Data Privacy page.
This post first appeared in the weekly Society Alert!