Advanced cybersecurity boosts shareholder return by 372%, study reveals
A new report by Diligent and Bitsight reveals that companies with advanced cybersecurity performance deliver a 372% higher shareholder return as compared to peers with basic cybersecurity measures. The joint investigation analysed over 4,000 mid to large-cap companies in public indices around the globe, including the Top 300 ASX-listed companies in Australia.
According to Dottie Schindlinger, Executive Director of the Diligent Institute, these findings demonstrate that cybersecurity is not just an IT issue, but an enterprise risk affecting company performance and longevity. She commented, "Management and the board need to be up to speed on... cyber risk".
The report also underscores how vital executive understanding of cybersecurity becomes in ensuring business performance. Dr. Homaira Akbari, CEO of AKnowledge Partners adds that cybersecurity is now a key indicator of financial performance, and must be treated as a fundamental pillar of any business strategy.
The research dissects the correlation between a company's cyber oversight structure and their corresponding security performance data, revealing some key findings. Companies with stronger cybersecurity performance attain a significantly higher total shareholder return (TSR) with a 71% TSR over a five-year period and a 67% TSR over three years. In contrast, companies with basic security performance range delivered a 37% and 14% TSR over the same respective time periods.
It was discovered that companies with a larger number of independent directors are more likely to have advanced security ratings. Interestingly, 76% of directors across companies with advanced security ratings are independent as compared to only 66% within companies at the basic security performance level.
Among the added findings, Australia secured third place on a global level in terms of cybersecurity with a security rating average of 700, surpassed only by Canada and the United States who scored 710. Despite this, Australia remarkably ranks second to last in the presence of a cyber expert on boards, accounting for a mere 1% of such professionals.
Firms with specialised risk or audit committees experience better cybersecurity performance. These companies achieve an average security performance rating of 700 whereas companies with cybersecurity experts on the general board, but none on either committee, can only reach an average rating of 580.
The research also indicated that heavily-regulated industries, such as the healthcare and financial services sectors, typically have higher cybersecurity ratings. The healthcare sector, specifically, had the highest average security ratings overall at 730. Chief Risk Officer of Bitsight, Derek Vadala, concluded, "Cyber risk is a key component of business performance."