It is not an overstatement to say that cybersecurity is reshaping how boards assess risk, practice governance, advise management, and ensure the very long-term viability and prosperity of their organizations.
And, as is typically true of all forms of dramatic change, board members face critical questions that will determine if the board—and the overall organization—is going to thrive in an era of intensified cybersecurity risk or be steamrolled by it.
The most successful boards anticipate the dramatic changes that come with cybersecurity -- and are willing to ask the tough questions, including:
Are the right people on our board--and if not, who should they be?
Do you have the right committee structure for evaluating and governing cybersecurity risk?
What should board members talk about?
What are the responsibilities for the rest of the board?
Why Changes Are Necessary at the Board Level
The pace of technology in the past 20 to 30 years has been dramatic, this is nothing compared to what we will experience over the next few years. That’s extraordinarily difficult for anyone to manage, even experienced people. As the threats grow in number and sophistication, with new types of bad actors and threat vectors, people with current operating experience, fresh ideas, and greater comfort with technology will be needed to help guide policy and priorities.
The right board composition, coupled with setting the right mandate for leadership and action, is the best way for board members to make the greatest impact. It’s about making the right choice, not the safe choice.
A successful board transition begins with a documented strategic plan that defines the board member archetypes who will be recruited to the board over the period, and sometimes even identifies specific/aspirational people to approach. Unfortunately, too few organizations actually think this through and invest the time and energy to map it. Often boards realize, “Oops, this person is retiring next year, we need to find an audit committee chair.” Or they may have been dinged with a poor diversity score from ISS or Glass Lewis that triggers a search for a female board member.
Experience has also shown us that successful transition plans involve creating and maintaining synergies and strong working relationships in the boardroom. While it doesn’t mean everyone has to spend quality time together outside the boardroom, it does mean avoiding adversarial, confrontational meetings where personalities and perceived slights get in the way of doing productive work. Give a lot of thought to the intellectual, personal, and political dynamics of your board.
Full Story: Making Boardroom Changes Today to Ensure a Cyber-Secure Tomorrow by Kal Bittianda, Selena LaCroix, and William Houston. 11 October, 2018.