Behind closed doors, what are corporate board members saying—or not saying—about cybersecurity, executive compensation, and social media? For this we turn to the results of the “2013 Law in the Boardroom” survey of some 550 directors and general counsel, from Corporate Board Member and FTI Consulting. See how your company stacks up:

What GCs and directors worry about

Data Security: Both general counsel and directors ranked “data security” second on the list of things keeping them up at night. (GCs ranked regulatory compliance first; for directors, the number one worry is succession/leadership transition.)

That may have something to do with how confident they feel about their company’s ability to quickly detect a cyber breach and assess the damage:

“Only a third of general counsel feel ‘very confident’ in their company’s ability to respond, and less than a quarter of directors agree . . . While more than half of both groups (51 percent of GCs and 63 percent of directors) are at least somewhat confident in their company’s ability to handle a breach, is that enough, given the escalating risks in this new electronic era?”

What they’re spending a lot of time on

Executive Compensation: General counsel and board members don’t rank executive compensation high on their list of worries, but they sure do say it takes up a lot of their time—60 percent of directors and 46 percent of GCs “rate it one of their top issues in terms of time commitment,” according to the survey.

That’s understandable when you consider just some of the factors at play, including public scrutiny of executive pay, peer group comparisons, and the use of compensation consultants. “Few governance issues have drawn the level of scrutiny and concern in recent years as those driven by executive compensation,” according to the report.

What they feel good about

Codes of Conduct: The majority of directors (66 percent) and general counsel (60 percent) are very confident that their company’s code of conduct helps promote compliance by linking employee guidelines to corporate values. Moreover, 80 percent of all respondents said the code of conduct had been reviewed in the past year.

What’s not getting talked about

New Guidance Documents: Remember those 100-plus pages on antibribery enforcement issued by the Department of Justice and the Securities and Exchange Commission last fall? Or how about the SEC’s 2011 guidance on cybersecurity disclosure? “Interestingly, only about 35 percent of GCs and even fewer directors (25 percent) indicated they’ve discussed these issues in the boardroom,” the report says, “even though arguably these areas should be part of any board’s regular oversight of enterprise risk management.”

Social Media: While most directors may feel good about their company’s code of conduct, many don’t know whether their company even has a policy on corporate social media use. In fact, 38 percent said they were “unsure” if such a policy is in place, with another 21 percent saying they don’t have one, and 41 percent confirming they do.

Nor has social media been the subject of much boardroom discussion recently:

“[O]nly 16 percent reported they have discussed the topic formally and feel confident their board has a good understanding of the risks, 37 percent said the topic has been broached but they need more information to feel comfortable with the strategy and the risks, and 26 percent said their board has no plans to formally discuss social media issues.”

What directors and GCs don’t want to talk about (in public)

Internal Investigations: The survey asked whether “boards should disclose internal investigations involving one or more members of the executive team.” The answer was a big NO from 82 percent of general counsel and 63 percent of directors—though that does leave more than a third of board members who think disclosure is the way to go.

FTI’s advice: “This is an area where there is no one, clear, best practice, but it is something board members ought to be discussing prior to such an event occurring.”