Blogs

A&O Shearman's recently released report on its annual "Corporate Governance & Executive Compensation Survey" contains an abundance of benchmarking data for the 100 largest US public companies (listed at the end of the report) based on publicly available resources as of June 1, 2024, as well as a focused review of a number of hot topics including proxy advisors, E&S shareholder proposals, GenAI governance, Delaware law developments, and the impacts on US companies of EU sustainability disclosure requirements.

The report's deep dive on cybersecurity disclosure practices is particularly noteworthy in view of the still relatively new SEC risk management, strategy, governance, and incident reporting requirements. Key benchmarking results include:

• Directors with cybersecurity experience—88 companies identified directors with cybersecurity experience compared to 56 in 2022.
• Board cybersecurity/privacy oversight—Up slightly from 93 in 2022, 96 companies delegate responsibility for cybersecurity and/or data security/privacy to a board committee, most commonly, the audit committee, while just four companies retain oversight only at the full board level.

• Management responsibility—Just over half of companies identified two or more members of management responsible for cybersecurity and/or data security/privacy (most commonly, the CISO and/or CIO), while eight companies identified none.
• Management experience—More than three-quarters of companies described the experience of the accountable member of management in terms of years of experience, while 19 expressed experience in terms of education and/or certifications (in addition to or in lieu of years of experience). 

See the firm’s release and numerous additional benchmarking resources on our  topic-specific pages.

                          This post first appeared in the weekly Society Alert!