The largest companies are gradually telling investors more about the pains they’re taking to protect their own information as well as customers’ privacy. Yet some industries are reporting those efforts better than others, according to new studies.

A growing number of firms have fallen into step with last year’s guidance from the Securities and Exchange Commission to disclose their cyber-security risks and what management and the board are doing to address them. For instance, according to a report from the EY Center for Board Matters, more than half of Fortune 100 companies reported in 2019 proxy statements and annual reports that they sought to recruit new board members with cyber skills versus only 40% the year before.

Also, more companies have decided to place oversight of cyber risk in non-audit committees. It was 28% of the Fortune 100 this year compared to 21% in 2018. (Please see chart at the bottom.)