The Cybersecurity and Digital Trust teams within Wavestone analyzed the maturity levels of the cybersecurity of 290 blue-chip companies across seven major financial centers across the globe. The study is based on the content of their 2019 annual reports and other financial communications such as international data agreements, Form 10-K or 20-F, and so on. This index, scored out of 20, is based on 14 criteria weighted and marked between 0 and 2. These criteria cover the following topics:

  • Issues and risks

Information security issues, cyber risks and impacts, cyber insurance coverage, digital transformation, and new technology security.

  • Governance and regulation

Executive Committee involvement, ISS governance, personal data protection, awareness and training, transparency vis-à-vis security incidents, regulations, and respecting standards.

  • Protection and controls

Action plan implementation, cybersecurity program, securing business systems, audits, and controls.

Regulated financial communications are an opportunity for businesses to present cyber risks to their investors in a transparent way and highlight the investments made to mitigate these cyber risks. While some companies are beginning to show signs of maturity, not all of them are seizing this opportunity.

Discover the results of this unique study now.