Do company boards need an expert in cybersecurity and technology?

by Stephen Bonner on February 24, 2017

Cybersecurity is at the top of boardroom agendas. Stephen Bonner of Deloitte asks whether boards need a member who is a dedicated cyber expert.

Deloitte recently completed an analysis of FTSE 100 companies’ most recent annual reports, ending September 2016, to review company disclosures concerning cybersecurity. The results show that top companies are trying to reassure investors that they are taking these issues seriously.

These firms are revealing many details about their approach to this risk and being transparent about how such risks might impact on them. There was near consensus that cyber is important to discuss, with 87% identifying it as a principal risk.

However, in a surprising statistic, just 5% disclose in their annual report that a board member has expertise in cybersecurity or technology. Whilst it is likely that many more of these boards do have this experience, or access to it, many simply did not disclose this time.

Now the precedent to disclose has been set by these outlying companies, we’d expect that the next set of reports will have a dramatically increased rate of expertise revealed. As the number climbs from an anomaly to the norm, it will be fascinating to see what happens to those boards that do not have access to this capability and, in the meantime, it raises a number of questions.

Will we see increasing pressure from investors to ensure boards have sufficient skills to navigate potentially treacherous waters of cybersecurity? Should a significant cybersecurity incident occur, will the ability of the board, with oversight of management, be called into question? The only answer to these questions is “yes”.

Buzzwords

To date, it has been a goal of the unitary board for all directors to decide company policy by consensus. A diverse set of backgrounds and experience reduces the risk of “group think” and allows each member to bring their own insight and experience to the discussion. But there is a risk, if a board member is seen as the expert on the topic, that other members may attempt to abdicate responsibility to them.

There is clearly a balance to be struck here to ensure the entire board can contribute, while recognising the different strengths and experiences that each member brings. Non-executives may have some knowledge in cyber, but without formal training or tangible experience, it is difficult to get to the nub of the issue.

A key principle of corporate governance is that the board needs sufficient relevant skills and understanding to review and challenge management performance. It is unrealistic to expect the board to have representatives with deep experience on every topic, so there is a judgement to make about which areas need to shine from the CVs of the non-executives, and which can be covered with quick wit and sharp minds.

Cybersecurity has a myriad of complex terminologies that can seem impenetrable; those presenting to the board might hide behind that jargon to avoid difficult questions. Even with that dense industry language, someone with a background in a range of fields can probe effectively. Digital or deep technology skills can cut through buzzwords, as can mature risk skills, such as credit or market risk. Members from a senior intelligence or military background often are credible here.

Horror stories

Our analysis showed that 10% of the FTSE 100 disclose that they have trained their board members on cybersecurity. However, it is likely that the number getting this training is actually higher and we will start to see more firms disclose the nature of training across a number of technical issues.

At the very least, this provides comfort to investors. If it can be demonstrated that generalist board members are being kept current on the issues du jour, perhaps this means boards will not need to add members with specific expertise.

Given the nature of the information they need to carry out their duties, board members need to know how to protect their systems and the confidential information they handle.

The horror stories of highly sensitive, and potentially market-moving, information being sent unencrypted to cloud-based email accounts designed for mass market retail use must be left in the past.

Even if you are a non-executive without cyber experience, your computer needs to be updated and protected. It is possible to do this yourself, or ensure the company you oversee provides you a secure way to operate. Either way, the responsibility is down to the individual. For companies, too, there are still some things to learn about providing these environments. Having a different tablet for each board you sit on, for example, is as much a risk to those companies as it is impractical for the non-executive.

Acceleration

Cyber-risks are rising and investors, regulators and customers continue to care about these issues. Boards must be able to understand and effectively challenge these topics.

There are a number of ways for them to do this. Ensuring the board can demonstrate their understanding and capability will be key. The largest organisations have defences at scale, and have deep pockets, allowing them to weather these cybersecurity events. It will be interesting to watch how both the big and medium-sized firms mitigate the cyber-threat at board level.

There may be much to learn about how best to do this, but it may be the object lessons of the mid-tier teaching the big firms the right answers, through the painful and destructive lessons learned.

The pace of change is accelerating and vital decisions need to be made at senior levels regarding digital business models, artificial intelligence/machine learning and big data.

What other risks are happening now, on the boards’ watch, on which they haven’t already been briefed? Can the board really carry out its duties effectively without understanding the core of these critical changes to our world? And what other topics do you need insight into to be effective?

For boards themselves, it is prudent to be horizon planning, and not just on cyber.

Stephen Bonner is a partner, FS Cyber Risk at Deloitte.
