Press Release

U.S. Companies Step Up Cyber Risk Mitigation Disclosures in Advance of Forthcoming SEC Requirements

ROCKVILLE, Md. (October 19, 2023) – ISS Corporate Solutions, Inc. (ICS), a leading provider of compensation, governance, cyber risk monitoring, and sustainability offerings to help companies improve shareholder value and reduce risk, today announced the findings of an analysis of U.S. companies’ disclosures of their cybersecurity risk oversight measures. The analysis comes on the heels of rules announced by the U.S. Securities and Exchange Commission (SEC) in July requiring public companies to disclose their cybersecurity risk management strategies and governance practices annually, as well as any material cybersecurity incidents.

The report findings suggest that, in advance of the SEC rules taking effect, companies are making a concerted effort to signal to stakeholders that they have an effective approach to managing cybersecurity threats. The analysis finds that nearly all companies in the Russell 3000 provide disclosures that include at least an overview of the company’s general approach to information security risk mitigation, with more than half of these also including detailed disclosures about their information security risks as well as strategies or plans to mitigate them. When looking at just those in the S&P 500, more than 80 percent of companies include such details regarding both the risks and methods used for mitigation.

Furthermore, more companies are detailing the presence of an information security training program, representing an increase of nearly 55 percent among S&P 500 companies and 100 percent among the Russell 3000 (excluding the S&P 500) over the past two years. The number of companies disclosing the presence of an information security risk insurance policy has also risen over the same timeframe, with nearly 67 percent of S&P 500 companies and 57 percent of Russell 3000 (ex. S&P 500) companies having noted the presence of security risk insurance as of September 2023.

Cybersecurity risk oversight has increasingly become a board-level concern, and more companies are seeking to demonstrate that directors have the necessary expertise to confront the challenge. The final version of the SEC rules excluded an anticipated requirement that boards explicitly disclose the cyber-related expertise of directors; regardless, many investors recognize that directors have a duty to exercise diligence in information security oversight for the benefit of shareholders and that having directors with relevant skills signals to investors that the board has the necessary expertise to effectively oversee cybersecurity risks. ICS’ analysis finds that directors with information security expertise are more common among larger companies, with more than half of S&P 500 companies having at least three directors with the relevant expertise. Among the Russell 3000 (ex. S&P 500), however, more than 40 percent of companies do not disclose having any directors with cybersecurity expertise, and only about 20 percent of companies have more than three directors with such skills.

Meanwhile, the report finds that a select handful of companies, 16 S&P 500 and 22 Russell 3000 (ex. S&P 500), include cybersecurity measures as part of either annual or long-term executive compensation incentive programs.

“The SEC’s new cyber disclosure rules are a forcing function for management teams and boards,” said Doug Clare, Managing Director and Head of Cyber Strategy at ISS Corporate Solutions. “As companies will now need to make more robust disclosures about their cyber risk management practices, the rules will undoubtedly compel many firms to adopt more robust processes worthy of the disclosure.”

Read the full ICS analysis here.

Companies turn to ISS Corporate Solutions, Inc. (“ISS-Corporate”) for expertise in designing and managing governance, compensation, sustainability, and cyber risk programs that align with company goals, reduce risk, and manage the needs of a diverse shareholder base by delivering data, tools, and advisory services. ISS-Corporate’s global client base extends across North America, Europe, and Asia, as well as other established and emerging markets worldwide. ISS-Corporate is a wholly owned subsidiary of Institutional Shareholder Services Inc. (“ISS”). ISS-Corporate provides advisory services, analytical tools and publications to companies to enable them to improve shareholder value and reduce risk through the adoption of improved corporate governance practices. The ISS research teams, which are separate from ISS-Corporate, will not give preferential treatment to, and are under no obligation to support, any proxy proposal of a corporate issuer nor provide a favorable rating, assessment, and/or any other favorable results to a corporate issuer (whether or not that corporate issuer has purchased products or services from ISS-Corporate). No statement from an employee of ISS-Corporate should be construed as a guarantee that ISS will recommend that its clients vote in favor of any particular proxy proposal or provide a favorable rating, assessment or other favorable result. For more information, please visit https://www.iss-corporate.com/

ISS STOXX GmbH, through its group companies, is a leading provider of comprehensive and data-centric research and technology solutions that help capital market participants identify investment opportunities, detect qualitative and quantitative portfolio company risks, and meet evolving regulatory requirements. With roots dating back to 1985, we today deliver world-class benchmark and custom indices across asset classes and geographies and serve as a premier source of independent corporate governance, sustainability, cyber risk, and fund intelligence research, data, and related offerings. Our products and services give clients the scale and leverage they need to grow their business more effectively and efficiently.
ISS STOXX, which is majority owned by Deutsche Börse Group, is comprised of more than 3,400 professionals operating across 33 global locations in 15 countries. Its approximately 6,400 clients include many of the world’s leading institutional investors who turn to ISS STOXX for its objective and varied offerings, as well as companies focused on ESG, cyber, and governance risk mitigation as a shareholder value enhancing measure. Clients rely on ISS STOXX’s expertise to help them make informed decisions to benefit their stakeholders.