The Zscaler report analyzes S&P 500 proxy statements, revealing significant variation in how companies disclose their cybersecurity programs to investors. While 396 companies provided some details, the information shared was often limited and inconsistent. Key findings include that only 8% of companies align with NIST cybersecurity standards, and just 4% mention ISO certifications. A minority acknowledged past cyber incidents, and only 2% brief their boards on cybersecurity more frequently than quarterly. The report highlights the need for more transparency and standardized reporting to better inform investors about cyber risk management.

Join for free to read