The corporate landscape is rapidly changing, and investors and other stakeholders are demanding broad-based transparency and accountability on topics of increasing interest, such as cybersecurity; environmental, social, and governance (ESG); and artificial intelligence (AI).
Labrador’s 2024 analysis of US corporate disclosures from the top 250 companies in the S&P 500 underscores the importance of these areas and the need for clear, comprehensive reporting.
By prioritising these issues, companies not only strengthen governance frameworks and meet regulatory requirements but also enable investors to conduct a deeper analysis of strategy, risk, and performance, ultimately building lasting trust with shareholders.
Cybersecurity disclosure
As cyber-threats continue to evolve, boards are expected to prioritise cybersecurity risk oversight within their governance structures. In the US, the 2022 directive from the Securities and Exchange Commission (SEC) mandates not only material cybersecurity incident reporting but also annual disclosures about risk management and strategy.
Disclosure items include enterprise risk management (ERM) approaches, cyber risk evaluations, and the role of external advisers. Governance disclosures are also required, including a description of the board’s oversight of risks from cybersecurity threats and processes for informing the board about such risks.
To increase transparency around the critical role of the board and assist the reader in locating this information, many US companies included sub-headers in the new cybersecurity section of their Form 10-K (the financial performance report required by the SEC), particularly to separate the board oversight discussion. The new disclosure requirements also prompted companies to revisit their discussion of cybersecurity oversight in proxy statements.
While some companies cross-reference their Form 10-K in their proxies, others offer standalone cyber risk sections or include it as part of the broader discussion of risk, often enhanced by design elements for clarity. In 2024, 60% of the S&P 250 included a section, subsection or callout discussing the board’s cybersecurity oversight role.
As these practices evolve, board members must ensure robust, comprehensive and accessible cybersecurity oversight to meet SEC requirements and shareholder expectations. Here are some board practices highlighted in corporate disclosures:
1. Enterprise risk management integration. Cybersecurity is integrated into the company’s ERM framework with clear processes for identifying and mitigating threats, supplemented by regular briefings from cybersecurity experts.
2. Risk assessments. Annual or more frequent assessments of cybersecurity preparedness are conducted, as well as reviews of incident response plans and vendor security.
3. Alignment across reports. Disclosures across Form 10-Ks and proxy statements are aligned for consistency, using user-friendly design elements to enhance clarity.
4. Board oversight. Accountability for cybersecurity oversight is established through dedicated committees or by assigning responsibilities to existing ones, for example, audit or risk.
These disclosures help demonstrate that boards are equipped to effectively navigate the evolving cybersecurity landscape while meeting SEC and shareholder expectations.
Artificial intelligence oversight
As AI technologies become integral to business operations, boards are adjusting their oversight frameworks to address the unique risks and opportunities associated with AI. Transparency regarding AI use will become increasingly important, as stakeholders seek clarity on how companies leverage it, the associated risks, and ethical considerations.
A recent article posted on the Harvard Law School Forum on Corporate Governance, citing an ISS-Corporate report, revealed that only 15% of companies explicitly addressed AI in their disclosures, highlighting an opportunity for improvement. Surveys further indicate a significant gap between the anticipated impact of AI and current governance and risk management preparedness.
To manage AI-related risks—operational, regulatory and ethical—some boards are enhancing their expertise by appointing knowledgeable members or engaging external advisers. Regular updates from management on AI utilisation and risks will empower informed decision-making, while integrating AI risks into ERM frameworks will ensure ongoing assessment of its social and ethical implications.
Although current regulations do not mandate oversight structures for AI, the increased use of this emerging technology and the related risks as well as the growing number of proxy proposals covering AI-related issues are driving more disclosures. Proactively disclosing oversight practices in proxy statements will demonstrate how AI risks are managed and how boards stay informed about this evolving technology. By implementing these measures, boards can build stakeholder trust, demonstrate robust governance, and commit to responsible AI practices.
Integrating AI oversight in disclosure documents
Investors expect comprehensive disclosures regarding board oversight, especially in emerging areas such as AI. AI oversight can be effectively integrated into key corporate documents:
1. Proxy statements. These are primary vehicles for informing investors about board activities. Companies can highlight their AI oversight approach, detailing committee involvement, discussion frequency, and specific expertise among board members. Using graphics can enhance understanding of the governance structure surrounding AI.
2. ESG or sustainability reports. Some companies incorporate AI oversight in sustainability reports, particularly concerning data privacy, cybersecurity and social impact. This aligns with broader ESG priorities, allowing discussions on how the board monitors AI’s ethical, social and environmental implications.
3. Form 10-K and emerging disclosure requirements. While current regulations do not mandate AI oversight disclosures in 10-K filings, this may change as AI’s impact grows. Companies can proactively include AI oversight in the risk factors section or management discussion and analysis to outline the board’s approach to AI as a potentially material risk or opportunity.
By strategically incorporating AI oversight into these documents, companies can effectively meet investor expectations and demonstrate a commitment to strong governance.
ESG expectations and trends
As the reporting season approaches, board members must adapt to evolving expectations for sustainability-related disclosures. Despite rumblings of an ESG backlash, stakeholders—including institutional investors—remain focused on sustainability-related topics, and the shift away from “ESG” terminology was less significant than expected. In fact, a Labrador review of 100 S&P 250 companies revealed only modest changes in report titles, with “ESG Report” (26%) and “Sustainability Report” (28%) remaining the most common nomenclature; however, variations of “Impact Report” are gaining traction.
Boards face increasing pressure to ensure sustainability reporting moves beyond aspirational language to clearly align business strategy with ESG-related risks and opportunities. Among the S&P 250, 47% included leadership letters discussing ESG integration with broader company strategy, and 49% of reports outlined the process for assessing material topics, presenting key opportunities for boards to provide deeper insights.
Investors also expect companies to provide information about goals, including processes for setting targets, and concrete steps for achieving them. As companies advance their sustainability efforts, accountability for transparent, measurable progress becomes critical. Notably, 44% of companies present an ESG goal tracker or dashboard. With 79% disclosing specific emissions reduction targets, there will likely be more demand for progress updates. Boards should advocate for comprehensive disclosures to demonstrate a thoughtful strategic approach to sustainability, enhancing long-term resilience.
To navigate the evolving ESG landscape, boards should ensure sustainability reporting aligns with investor expectations and regulatory trends. Key steps include:
1. Establish clear ESG oversight and strategy alignment. Integrate ESG priorities into the long-term strategy with specific, trackable goals, possibly through dedicated committees or cross-functional teams.
2. Emphasise accountability and transparent progress reporting. Advocate for measurable metrics in ESG reporting, prioritising regular updates on emissions reduction, DEI initiatives, and risk assessments, utilising dashboards for accountability.
3. Monitor compliance with regulatory and stakeholder expectations. Collaborate with legal and compliance teams to stay informed on ESG regulations, particularly new rules that include Scope 3 emissions reporting.
4. Consider approach to materiality assessments. Revisit assessments of sustainability-related topics that may only consider relevance or importance of topics to operations and stakeholders; consider whether topics should be evaluated through the lens of financial materiality and/or impact materiality.
5. Champion leadership and culture in sustainability-related communication. Encourage executives to include leadership letters in ESG reports to convey strategic vision. Fostering a culture that values sustainability enhances credibility and trust among stakeholders.
In today’s corporate landscape, the growing demands for transparency and accountability in cybersecurity, AI, and ESG disclosures create both challenges and opportunities for boards of directors. By proactively addressing these issues and implementing strong oversight practices, boards can meet investor expectations while positioning their companies for sustainable growth.
As regulatory environments evolve and stakeholder expectations rise, boards must remain engaged and adaptable. By establishing clear oversight frameworks, prioritising accountability, and creating a culture of transparency, boards can lead their organisations confidently into the future, enhancing trust and long-term value while fulfilling their governance responsibilities and contributing to the broader conversation about corporate responsibility and sustainability.
Jennifer Cooney is the advisory practice director at Labrador US, a communications firm focused on corporate disclosure documents.