In mid-February President Obama announced his plan to create a new agency to coordinate the analysis of cyberthreats. He also urged companies to share cybersecurity-threat information with one another and the federal government.
The new agency, the Cyber Threat Intelligence Integration Center (CTIIC), will collect and disseminate cyberbreach data to clearinghouses soon after they occur, according to Lisa Monaco, assistant to the President for Homeland Security and Counterterrorism.
In a February 11 speech, Monaco said: “Currently, no single government entity is responsible for producing coordinated cyber threat assessments, ensuring that information is shared rapidly among existing Cyber Centers and other elements within the government, and supporting the work of operators and policy makers with timely intelligence about the latest cyber threats and threat actors. The CTIIC is intended to fill these gaps.”
In the executive order, President Obama encourages the development of central clearinghouses for companies and the government to share data and creation centers where data can be shared across specific regions in the US and beyond. The order is voluntary, not a mandate.
The President’s actions follow recent cyberattacks on major retail, healthcare, and entertainment companies. In 2013 he issued an executive order to improve critical infrastructure cybersecurity. [For more on that executive order, read PwC’s BoardroomDirect April 2013 (Issue in focus: Cybersecurity on the board’s agenda).]
The Conference Board’s Governance Center recently shared a memo from the general counsel of a Fortune 500 company general counsel addressing cybersecurity and the role of the board. The memo addresses the duties and liabilities directors face in this area. [For more information on President Obama’s cybersecurity actions, read PwC’s cybersecurity blog.]
Many directors want changes in the allocation of risk oversight responsibility and are not satisfied with cybersecurity and IT risk information provided to them by management, according to the 2014-2015 NACD Public Governance Survey.
The survey, which compiles perspectives on governance trends and best practices from more than 1,000 corporate directors, found that more than half believe the allocation of risk oversight responsibility should be assigned to the full board, rather than to the audit committee alone. In PwC’s 2014 Annual Corporate Directors Survey, 84% of directors said there was a clear allocation of responsibility for risk oversight, up from 80% in 2013 and 63% in 2012. However, of those directors who say there is a clear allocation of responsibility this year, 55% still think it can be improved.
Other findings from the survey include:
Directors are spending more time than ever on their board responsibilities. There was an average of 278 hours per year, up from 236 hours in 2013.
Boards’ use of formal CEO succession plans is increasing. Fifty-seven percent of respondents have a formal CEO succession plan, compared to 39 percent in 2011.
Institutional Shareholder Services (ISS) recently released 20 FAQs on the new equity plan scorecard (EPSC) it will use in making 2015 proxy season voting recommendations.
It explains how their scorecard system works and compares the differences in scoring the models of S&P 500, Russell 3000, non-Russell 3000 and IPO/bankrupt companies. Questions also address how many points are needed to get a positive score and how equity plans at IPOs will be evaluated, among other things.
The new model considers a range of positive and negative factors, rather than the previous “pass/fail” tests. The scores for each equity compensation plan proposal will consider cost, plan features, and company grant practices. A company's total score will generally determine whether ISS gives a “For” or “Against” recommendation.
To read the full FAQ document, click here.
On February 9 the SEC released proposed rules to enhance corporate disclosure of company hedging policies for directors and employees.
The proposal, which is mandated under the Dodd-Frank Act, would require companies to disclose whether directors, officers and other employees are permitted to hedge or offset any decrease in the market value of equity securities they were granted by the company.
“The proposed rules would provide investors with additional information about the governance practices of the companies in which they invest,” said SEC Chair Mary Jo White. “Increasing transparency into hedging policies will help investors better understand the alignment of the interests of employees and directors with their own.”
Further, the proposed rule would require proxy statement disclosure of whether employees or members of the board of directors are permitted to purchase financial instruments, including prepaid variable forward contracts, equity swaps, collars, and exchange funds that are designed to hedge or offset any decrease in the market value of company equity securities.
The public comment period for the proposed rule amendments ends April 20.