The report’s authors said that there was a broad trend of boards that identify risk but leave the action to manage the risks to those in the day-to-day operational roles, which means that boards are not addressing the risks in a more comprehensive fashion.
The survey of the directors of over 300 US boards carried out in 2015 found that the risk issues of most concern were reputational risk 75%; cyber security/IT risk 61%, regulatory compliance risk 53% and senior management succession planning 51%, which the authors said is consistent with the results of the previous surveys conducted over the past three years across public, private and not-for-profit boards.
UK Cyber-security &
Investor Engagement report is available by email
Given the high profile of cyber security risk and the growth of social media the survey this year contained specific questions for directors in these areas. The report’s authors note that social media is intrinsically linked to a company’s reputation and image and argue that organisations and boards should consider social media as one of the most important risks to manage and monitor.
However, the survey found that only 6% of boards feel as though they are well-versed in social media risk, and 67% of organisations are not engaging external consultants to monitor social media. The results indicate that boards may not fully understand the potential impact and harm social media can have on a company’s reputation, according to EisnerAmper.
The survey also found that cyber security is the most recognised specific risk, emerging as a concern for 70% of respondents on public company boards. More than 95% of public companies either use internal audit or external auditors/consultants to monitor cyber risk. However, only 24% felt their boards are well-versed in understanding cybersecurity risk and another 10% felt that they are falling short of fully understanding the risk.
Charly Weinstein, EisnerAmper Chief Executive Officer said, “Because social media and cyber security are intrinsically linked to a company’s reputation and image, organisations and boards should consider both as among the most important risks to manage and monitor. With today’s media capable of capturing every crisis occurring within organizations, it is becoming increasingly evident how connected reputation, cybersecurity and social media are in relation to risk.”
“The findings strongly reflect the accelerating pace of change facing directors. To fulfill their commitments to their stakeholders, board members need to ensure that their organizations are informed, educated and forward-focused,” Weinstein added.
The survey concluded that while companies are beginning to take the proper steps to prepare for a reputational crisis by having plans in place, providing training and employing an internal audit function, fewer than 50 percent of respondents feel they are “well-versed” in the issues.