A report found that S&P 500 organizations have gaps in their cybersecurity leadership when it comes to risk mitigation. The study found that 57% of companies in the S&P 500 lack specialized experience in non-cyber technology categories.

Twelve percent of S&P 500 companies have specialized cybersecurity expertise among their directors, such as a chief information security officer (CISO), former chief executive officer (CEO), or former chief information officer (CIO) of a cyber company on their boards. Seven percent had a current or former CISO on their boards.

An additional 31% of S&P 500 companies have some level of technology expertise on their boards. These individuals might be informed on cybersecurity and technology issues but have less direct cybersecurity experience than those in the highest tier.

Fifty-two percent in the S&P 500 had directors with a more limited connection to the world of cybersecurity, such as a board member who serves as a director for an IT vendor or someone who may have experience in the industry in a role outside the C-Suite.

Read the full report here.