Governance Surveys
Directorship Magazine
2025 Private Company Board Practices Oversight Survey
Data Pack: Cybersecurity
Which of the following cyber-risk oversight practices has the board performed over the past 12 months?
|
Cyber-Risk Oversight Practices |
Value |
|
Reviewed the company’s current approach to protecting its most critical data assets |
73.08% |
|
Reviewed the most significant cyber threats |
65.38% |
|
Reviewed the company’s cyberbreach response plan |
56.41% |
|
Assessed risks associated with third-party vendors or suppliers |
52.56% |
|
Assigned clearly defined roles to its standing committees with regard to cyber-risk oversight |
32.05% |
|
Participated in a test of the company’s response plan |
28.21% |
|
Assigned clearly defined roles to the full board with regard to cyber-risk oversight |
17.95% |
|
Considered adding a standing committee focused on cyber-risk oversight |
15.38% |
|
|
n=78 |
This table comes from the Cybersecurity section of the 2025 NACD Private Company Board Practices and Oversight Survey.