Challenges Ahead: The Gap in Cybersecurity Expertise on U.S. Boards

Reading Time: ( Word Count: )

September 25, 2023
Nextdoorsec-course

The top-tier companies listed in the U.S. often lack board directors with hands-on experience in cybersecurity, raising questions about the corporate approach to handling cyber threats.

When examining the composition of boards within the S&P 500, a whopping 88% were found to be without a cybersecurity specialist in their directorship. The study discovered that a mere seven firms boasted of having a present or former Chief Information Security Officer (CISO) as a board member, and interestingly, in two instances, it was the same individual.

“I continue to be taken aback by the slow pace of change in boardrooms,” remarked Dave DeWalt, the head honcho and founder of the venture capital firm NightDragon. DeWalt, who also holds board positions at Delta Air Lines and Five9, was part of this enlightening research spearheaded by NightDragon in collaboration with the Diligent Institute, a research offshoot of executive software powerhouse, Diligent. The findings were unveiled this Thursday.

For this research, cyber expertise was characterized as professionals who either currently occupy or have previously held CISO positions, individuals in top-tier tech roles (not strictly cyber-centric), and those with tech backgrounds sans high-ranking roles.

A closer look revealed that about half (52%) of the firms had a director with some tech background related to cybersecurity. This bracket included those affiliated with cyber firms or associated with professional bodies in the cybersecurity domain.

Also Read: Colorado Attorney General Takes Action Against Care Facility’s Data Breach

According to Emily Heath of VC firm Cyberstarts, having board members well-versed in cyber matters is now imperative for sound governance. Heath, with a past role as the security head at giants like United Airlines and DocuSign, currently sits on the boards of Wiz and Gen Digital.

“Board members, in their supervisory capacities, must ensure risks, including cyber threats, are aptly addressed,” Heath emphasized, adding the importance of possessing cyber expertise to ask the right questions.

Challenges Ahead: The Gap in Cybersecurity Expertise on U.S. Boards

Echoing these sentiments, a study by The Wall Street Journal in late 2022 found that of the 4,621 board directors across S&P 500 entities, only 86 had meaningful cybersecurity exposure in the past decade.

Earlier proposals by the U.S. Securities and Exchange Commission had pushed for mandatory disclosures regarding board members with cyber expertise. However, this suggestion was not included in the finalized rules introduced on September 5.

Myrna Soto, the brains behind consulting giant Apogee Executive Advisors, highlights the inherent challenge of securing suitable board candidates, given that cybersecurity is a niche and complex domain. Plus, the recent trend of inducting cybersecurity leaders into top executive roles means many lack the broader business insight vital for board positions.

Soto, serving as a director at conglomerates like Spirit Airlines, Popular, and TriNet Group, noted that board discussions on cybersecurity are usually short-lived, as other topics vie for attention. Therefore, any cyber specialist on the board must be versatile enough to contribute to a wider range of discussions.

“Boardroom candidates with cybersecurity expertise need to be holistic business thinkers,” she underlined.

NightDragon’s DeWalt believes addressing this discrepancy demands concerted efforts from both boardrooms and cybersecurity professionals. While security leaders need to broaden their business understanding, companies should promote CISOs to genuine C-suite roles, and boards must deepen their grasp of cyber-related issues.

“I’m eager to see ongoing training mandates for boardroom members in cyber literacy,” he voiced.

Noor Khan

Noor Khan

Author

My name is Noor, and I am a seasoned entrepreneur focused on the area of artificial intelligence. As a robotics and cyber security researcher, I love to share my knowledge with the community around me.

Other interesting articles

How Important is Physical and Cyber Security for Businesses: A Comprehensive Overview

How Important is Physical and Cyber Security for Businesses: A Comprehensive Overview

Physical and cyber security have become increasingly important for businesses of all sizes in today's digital age. ...
What Are the Best CCTV Cameras to Invest In: A Comprehensive Guide

What Are the Best CCTV Cameras to Invest In: A Comprehensive Guide

Investing in CCTV cameras is a smart move for anyone looking to secure their property. With the rise in crime ...
Unveiling the Mystery: Does TikTok Notify When You Save Someone’s Videos?

Unveiling the Mystery: Does TikTok Notify When You Save Someone’s Videos?

TikTok, with its rapidly growing user base and innovative content, has become a pivotal platform in today’s ...
Effortless Fixes for ‘Why is TikTok Not Letting Me Follow Anyone’

Effortless Fixes for ‘Why is TikTok Not Letting Me Follow Anyone’

Have you ever excitedly tapped the follow button on a TikTok creator's profile, only to find that the app seems to ...
0 Comments

Submit a Comment

Your email address will not be published. Required fields are marked *