What If Cyber Savvy Boards & Smart Investments In Cybersecurity Are Linked to Better Shareholder Returns

What if organizations that invest in cybersecurity from the top down were found to be not only more secure but also a better return on investment for shareholders?

A research study performed by Diligent and Bitsight finds that advanced security, strong risk committees and robust audit committees are good predictors of an enterprise’s future financial success.

The research study has four key findings that are worth inspecting and understanding:

  1. "Companies with advanced security ratings create nearly four times the amount of value for shareholders as companies with basic security ratings. On average, the Total Shareholders’ Return (TSR) over three and five years for companies in the advanced security performance range is approximately 372% and 91% higher, respectively, than their peers in the basic security performance range."
  2. "Companies with a specialized risk or audit committee had higher security performance ratings on average. Companies falling within these two categories have an average security rating of 710, whereas companies lacking both committees have an average security rating of 650. The findings also suggest that the distribution of security ratings among companies with specialized risk and audit committees tends to skew towards the advanced security performance range, whereas companies lacking either of these committees tend to skew towards the basic security performance range."
  3. "Having a cybersecurity expert on the board is not enough. Integrating a cybersecurity expert into the board committee tasked with cybersecurity risk oversight makes a significant difference in an organization’s performance. Merely having a cybersecurity expert on the board does not correlate to having a higher security performance rating. Companies with cybersecurity experts on either audit committees or specialized risk committees achieve an average security performance rating of 700, whereas companies with cybersecurity experts but not on either committee attain a security rating of 580. Regardless of this, the percentage of companies with cyber experts on the board remains significantly low. Only 5% of companies within the sample had cyber experts on their boards."
  4. "Highly regulated industries tend to outperform other industries in terms of cybersecurity performance. Of the companies with advanced-level security performance ratings, a full third (33%) came from the financial services sector – with an average rating of 720. The sector with the highest average rating overall though, was healthcare at 730. By comparison, nearly a quarter (24%) of companies with basic security performance ratings came from the industrials sector, and the sector with the lowest overall performance rating was the communications sector, at 630."

In conclusion, the findings from the research study conducted by Diligent and Bitsight illuminate a compelling narrative regarding the symbiotic relationship between cybersecurity preparedness and financial success. Organizations that prioritize advanced security measures, bolstered by robust risk and audit committees, emerge as frontrunners in delivering value to shareholders. Notably, these enterprises exhibit significantly higher Total Shareholders’ Returns (TSR) over both short and extended periods, underscoring the enduring impact of proactive cybersecurity strategies on long-term prosperity.

Moreover, this study sheds light on the pivotal role of specialized risk and audit committees, alongside the integration of cybersecurity expertise within board oversight committees, in driving enhanced security performance. As highly regulated industries showcase superior cybersecurity readiness, it becomes increasingly evident that investing in comprehensive security frameworks not only safeguards against threats but also fortifies an organization's competitive edge in an increasingly digital landscape.

Nonetheless, the report's revelation regarding the scarcity of cybersecurity experts on boards calls for concerted efforts to bridge this gap and elevate cybersecurity governance to new heights. Ultimately, the research underscores the imperative for organizations to view cybersecurity not merely as a defensive measure but as a strategic enabler of sustained financial success and shareholder value creation.


Vivian O

Project Manager and Planner | Planning, Reporting, Communication

6 months

Here is a useful blog on cyber risk quantification (CRQ) that could be interesting to check out for any CISO or Board member: https://securityscorecard.com/blog/what-is-cyber-risk-quantification/
