September 6, 2019
Bloomberg Law – Equifax Hack Aftermath Shines Light on Boards’ Cyber Oversight
By Andrea Vittorio
Equifax Inc.’s hack shows pressure on corporate boards to step up cyber risk oversight.
Its settlement with the Federal Trade Commission, announced July 22, requires the credit rating company to pay up to $700 million, conduct annual assessments of security risks, and have the board annually issue compliance certifications.
Equifax has revamped its board’s system for monitoring cyber risks since the 2017 hack that exposed personal information of more than 140 million people and forced the company’s CEO to step down. The board has also added three new members with backgrounds in cybersecurity, technology, and data and analytics.
That makes Equifax one of a few companies in the S&P 500 index that have cyber experts on their boards. Just 16% of companies have a board member with cyber expertise or experience in information or data security, according to a recent analysis by Farient Advisors, an executive compensation consulting firm. But the number of directors versed in cybersecurity is rising, it says.
“Companies have only been waking up to this threat” recently, said Dayna Harris, a partner at Farient Advisors. Most of the cyber experts added to corporate boards have come in the past five years.