
Building Effective Cybersecurity Governance

Investors, regulators and other stakeholders are putting greater pressure on organisations to improve transparency and build governance that demonstrates cybersecurity is a priority.

Digitalisation has changed the way companies operate and given rise to a rapidly evolving set of risks that companies face and must prepare for – cybersecurity risks. The increasing prevalence of cyber attacks, notably ransomware, coupled with declining availability of cyber insurance, is leaving companies increasingly exposed to the often-significant impacts of a cybersecurity incident. 

There is naturally a short-term financial cost: research from IBM reveals that the average total cost of a ransomware breach in 2022 is $4.54 million, but reputationally the impact of an incident may be longer lasting.

Our latest paper on corporate governance looks at the evolving regulation and the expectations of institutional investors. In the report, Orla Cox, Hetal Kanji and Simon Onyons set out a proposed framework for cybersecurity reporting based on the FSB Task Force on Climate-related Financial Disclosures (TCFD) structure.

The views expressed herein are those of the author(s) and not necessarily the views of FTI Consulting, Inc., its management, its subsidiaries, its affiliates, or its other professionals. 

FTI Consulting, Inc., including its subsidiaries and affiliates, is a consulting firm and is not a certified public accounting firm or a law firm. 

Ultimately, a combination of regulation and demand for greater transparency will mean a step-change in disclosure for companies. However, there is likely to be a clear benefit – financially and reputationally – for companies who are first movers and adopt a more proactive approach to governance and oversight of cyber risk and disclosure.

