Why Corporate Boards Need Cybersecurity Experts

As we all see it playing out right before our very own eyes, our country is under siege by something that you can’t see or touch. More than any other time in this century, lives are being lost, fortunes are being decimated and small business and entrepreneurs are seeing their dreams get obliterated right in front of them. Heartbreaking, mind-boggling, surreal and disturbing are only a few words among many that might scratch the surface of how most of us are feeling right now. When will it end? Will it ever be the same for our country? And, when it does we will wonder if we are all truly safe. Will we be secure?

Companies, small and large, are pivoting by the minute. They and we all must make an effort to come through this storm and emerge in a positive direction. The way in which we work physically and intellectually will never be the same. Terms like transformation, risk mitigation and security are leading topics of the day. Corporate board leadership are hopefully and should be taking a step back, assessing the composition of their board and whether there is the truly needed expertise in cybersecurity, transformation, risk mitigation, impact on culture. So, why do corporate boards need cybersecurity experts?

Unfortunately, in times of crisis, there are the lowly who joyfully capitalize on the vulnerabilities that arise. The cybercriminals, many of whom are well skilled and already lurking, leverage these times of vulnerability to create havoc and gain control during a crisis. Great cybersecurity experts know how to move from protecting against data breaches (and we know there always will be breaches) to being responsive to protecting the perimeter and how to respond as a breach happens – PR responses, client communications response, internal company communication, tactical insurance and remedial responses.  Skilled cybersecurity experts have deep experience and expertise in evaluating threats and are well positioned to advise the board on the next wave in cybersecurity which is quantum computing. Areas such as post quantum computing/ cryptography should all very important discussions in today’s corporate boardroom.

When corporate boards have assembled their board composition, they hire, in large part, for C-level operating or financial skills.  In turn, corporate boards do not hire the expertise to drive to the right questions in the board room, not to mention failing to hire the expertise within the companies themselves.  In the end, a single attack or series of attacks can not only damage the company but can destroy its value.

Corporate boards must realize that cybersecurity is more than just a technology issue; they must internalize that cybersecurity is a strategic implication at the company level. The board needs to step back, review the cybersecurity status of their company, and establish an overarching cybersecurity strategy that weaves into the basic structure of the company. In order to do this, the board will need an expert who can share information and learnings around cybersecurity.

No doubt, skeptics will say that these capabilities can be acquired through an outside provider.  However, the challenge associated with such organizations is that their approach is almost always technology centric. Their focus will be on the same core issues around vulnerabilities and risks rather strategic questions more suited to the C-Suite and Board.

So, where do you find cybersecurity candidates for your board? Technologists such as CIOs, CTO, and CISOs tend be heavily focused on technology solutions rather than governance and strategic discussion. Therefore, the ideal candidates are executives who have run businesses in the cybersecurity space and have successfully driven strategic discussions at their own client organizations.

Our companies today, large or small, are at an inflection point. They need the expertise to guide the board and its company that has worked in organizations that have been impacted by big crises, such as the 2008 Financial Crisis, or 9/11. Cybersecurity expertise is a key ingredient in guiding the way to deal with these types of shifts and in these tenuous times. Let’s hope we very soon see a swift shift in board composition.