Just how committed are Fortune 500 companies to prioritizing information security and customer privacy? New research by cloud access security broker (CASB) Bitglass explores those issues and more in new analysis aptly titled The Cloudfathers.Alas, many large organizations “lack an authentic, lasting commitment” to enhancing cybersecurity, the Campbell, California-based CASB learned. Inasmuch as security breaches have cost major brands millions, prompted C-suite resignations, devalued stock prices and eroded customer confidence, it’s a bit difficult to understand how that can be. How is it that at the Fortune 500 level, there are often no clear cybersecurity leaders nor publicly-stated, non-boilerplate commitments to secure customers’ privacy and data?Here’s what Bitglass discovered in examining publicly-available information on Fortune 500 companies.38 percent of the 2019 Fortune 500 do not have a chief information security officer (CISO). Of that number, only 16 percent have another executive listed as responsible for cybersecurity strategy. Of the 62 percent that do have a CISO, 4 percent are listed on their company’s leadership pages. 77 percent of the Fortune 500 do not indicate on their websites of who is responsible for their security strategy. 52 percent of the Fortune 500 do not have a policy statement on their websites about protecting customers' and partners' data beyond what's legally mandated. In the three largest breaches of publicly traded companies from each of the last three years, the mean number of individuals who had their personal information compromised by each breach was 257 million. To date, these breaches have cost their companies an average of $347 million in legal fees, penalties, remediation costs, and other expenses. On average, these enterprises suffered a 7.5 percent drop in stock price post-breach, leading to a mean market cap loss of $5.4 billion per company. It took an average of 46 days for these companies’ stocks to return to their pre-breach prices. Transportation: 57% Aerospace: 33% Insurance: 30% Most likely to post information on their websites about how they protect customers’ and partners’ data:Aerospace: 89% Finance: 72% Technology: 66% Hospitality: 0% Manufacturing: 8% Telecommunications: 9% Least likely to post information on their websites about how they protect customers’ and partners’ data:Construction: 25% Oil & Gas: 25% Hospitality: 25%