Skip to content

7 December, 2023

Advertise About Us
  • My Account
  • Subscribe
  • Log In
  • Log Out

Board Agenda

  • Governance
  • Strategy
  • Risk
  • Ethics
  • News
    • Categories

      • View All
      • Board Moves
    • workers on boards

      ‘Workers on boards’ idea is back on the table

      European-style two-tier board system may help to end stagnation in the UK, reports the Resolution...

    • AI catastrophe Avoiding AI catastrophe is ‘beyond corporate governance’

      It is ‘inevitable’ that the risks from artificial intelligence require public governance, according to a...

    • sustainability Where next for sustainability?

      An expert panel discussed their view of global trends for the business world in Board...

  • Insight
    • Categories

      • View all
      • Governance
      • Strategy
      • Risk
      • Ethics
      • Board Expertise
      • finance
      • Technology
    • AI priorities

      AI priorities for the board

      To reap the benefits of artificial intelligence, boards will need to work on their organisational...

    • purpose statement

      On purpose: crafting an authentic statement

      Purpose statements define how organisations align purpose and people. Here’s how to make a statement...

    • first-time CFO

      How to succeed as a first-time CFO

      The remit and responsibilities of the chief financial officer have changed, which can seem daunting...

  • Comment
      • View all
    • uk corporate governance

      Why UK corporate governance needs tightening up

      The LSE’s response to the government’s panicky U-turn on governance regulation is not helpful to...

    • faith in the UK Audit reform is essential to restore faith in the UK

      When it comes to understanding what attracts investors to a capital market, the London Stock...

    • U-turn on audit reform An uncomfortable U-turn on audit reform

      The government’s bonfire of the regulations expected for audit reform creates a source of uncertainty...

  • Interviews
      • View All Interviews
      • Podcasts
      • Webinars
    • sustainability Where next for sustainability?

      An expert panel discussed their view of global trends for the business world in Board...

    • reporting elements Boards urged to retain ‘beneficial’ reporting elements

      Although the government cancelled the requirement, resilience disclosures ‘cannot be wasted effort’, says senior auditco...

    • energy transition Collaboration is key to UK energy transition

      Communication, innovation and engagement are needed for the move to net zero, an expert panel...

  • Careers
      • View all
      • Selection
      • Board Moves
    • gender diversity study Academics criticise BlackRock gender diversity research

      Its methodology came under fire, with some critics also pointing out it was wrong to...

    • diversity of thought How to boost diversity of thought

      Companies benefit from diverse workforces, but also from having the input of different opinions and...

    • minority NED Number of minority NEDs drops

      Although there is some progress in diversity in other board roles, research suggests that boards...

  • Resource Centre
      • White Paper Downloads
      • Book Reviews
      • Corporate & Advisory Services
    • Risk Map: Top Risks 2024

      Control Risks' Top Risks for 2024 cut across the geopolitical, security, operational, regulatory, and cyber/digital...

    • A Director’s Guide to Conducting Internal Investigations 2023

      An internal investigation must be handled meticulously to avoid legal exposure, regulatory or criminal prosecution...

    • Spencer Stuart UK Board Index Highlights 2023 cover

      Spencer Stuart UK Board Index Highlights 2023

      The 2023 UK Spencer Stuart Board Index is a review of board composition and governance...

  • Events
  • Search by topic
    • Governance
    • Strategy
    • Risk
    • Ethics
    • Regulation
    • ESG
    • Investor Relations
    • Selection
    • Board Expertise
    • finance
    • Technology

Do company boards need an expert in cybersecurity and technology?

by Stephen Bonner on February 24, 2017

Cybersecurity is at the top of boardroom agendas. Stephen Bonner of Deloitte asks whether boards need a member who is a dedicated cyber expert.

Cybersecurity

Photo: Shutterstock

Deloitte recently completed an analysis of FTSE 100 companies’ most recent annual reports, ending September 2016, to review company disclosures concerning cybersecurity. The results show that top companies are trying to reassure investors that they are taking these issues seriously.

These firms are revealing many details about their approach to this risk and being transparent about how such risks might impact on them. There was near consensus that cyber is important to discuss, with 87% identifying it as a principal risk.

In a surprising statistic, just 5% disclose in their annual report that a board member has expertise in cybersecurity or technology.

However, in a surprising statistic, just 5% disclose in their annual report that a board member has expertise in cybersecurity or technology. Whilst it is likely that many more of these boards do have this experience, or access to it, many simply did not disclose this time.

Now the precedent to disclose has been set by these outlying companies, we’d expect that the next set of reports will have a dramatically increased rate of expertise revealed. As the number climbs from an anomaly to the norm, it will be fascinating to see what happens to those boards that do not have access to this capability and, in the meantime, it raises a number of questions.

Will we see increasing pressure from investors to ensure boards have sufficient skills to navigate potentially treacherous waters of cybersecurity? Should a significant cybersecurity incident occur, will the ability of the board, with oversight of management, be called into question? The only answer to these questions is “yes”.

Buzzwords

To date, it has been a goal of the unitary board for all directors to decide company policy by consensus. A diverse set of backgrounds and experience reduce the risk of “group think” and allow each member to bring their own insight and experience to the discussion. But there is a risk, if a board member is seen as the expert on the topic, that other members may attempt to abdicate responsibility to them.

There is clearly a balance to be struck here to ensure the entire board can contribute, while recognising the different strengths and experiences that each member brings. Non-executives may have some knowledge in cyber, but without formal training or tangible experience, it is difficult to get to the nub of the issue.

There is a judgement to make about which areas need to shine from the CVs of the non-executives, and which can be covered with quick wit and sharp minds.

A key principle of corporate governance is that the board needs sufficient relevant skills and understanding to review and challenge management performance. It is unrealistic to expect the board to have representatives with deep experience on every topic, so there is a judgement to make about which areas need to shine from the CVs of the non-executives, and which can be covered with quick wit and sharp minds.

Cybersecurity has a myriad of complex terminologies that can seem impenetrable; those presenting to the board might hide behind that jargon to avoid difficult questions. Even with that dense industry language, someone with a background in a range of fields can probe effectively. Digital or deep technology skills can cut through buzzwords, as can mature risk skills, such as credit or market risk. Members from a senior intelligence or military background often are credible here.

Horror stories

Our analysis showed that 10% of the FTSE 100 disclose that they have trained their board members on cybersecurity. However, it is likely that the number getting this training is actually higher and we will start to see more firms disclose the nature of training across a number of technical issues.

At the very least, this provides comfort to investors. If it can be demonstrated that generalist board members are being kept current on the issues du jour, perhaps this means boards will not need to add members with specific expertise.

Given the nature of the information they need to carry out their duties, board members need to know how to protect their systems and the confidential information they handle.

The horror stories of highly sensitive, and potentially market-moving, information being sent unencrypted to cloud-based email accounts designed for mass market retail use must be left in the past.

Even if you are a non-executive without cyber experience, your computer needs to be updated and protected. It is possible to do this yourself, or ensure the company you oversee provides you a secure way to operate. Either way, the responsibility is down to the individual. For companies, too, there are still some things to learn about providing these environments. Having a different tablet for each board you sit on, for example, is as much a risk to those companies as it is impractical for the non-executive.

Acceleration

Cyber-risks are rising and investors, regulators and customers continue to care about these issues. Boards must be able to understand and effectively challenge these topics.

Cyber-risks are rising and investors, regulators and customers continue to care about these issues. Boards must be able to understand and effectively challenge these topics.

There are a number of ways for them to do this. Ensuring the board can demonstrate their understanding and capability will be key. The largest organisations have defences at scale, and have deep pockets, allowing them to weather these cybersecurity events. It will be interesting to watch how both the big and medium-sized firms mitigate the cyber-threat at board level.

There may be much to learn about how best to do this, but it may be the object lessons of the mid-tier teaching the big firms the right answers, through the painful and destructive lessons learned.

The pace of change is accelerating and vital decisions need to be made at senior levels regarding digital business models, artificial intelligence/machine learning and big data.

What other risks are happening now, on the boards’ watch, on which they haven’t already been briefed? Can the board really carry out its duties effectively without understanding the core of these critical changes to our world? And what other topics do you need insight into to be effective?

For boards themselves, it is prudent to be horizon planning, and not just on cyber.

Stephen Bonner is a partner, FS Cyber Risk at Deloitte.

Related Posts

  • Ethics in the technology sector remains a headline issue
    January 26, 2022
    Businessman has biometric data scanned

    For a second year running technology is the sector that garnered the most news stories about ethical lapses—with data privacy a key concern.

  • What boards need to know about sanctions risk and legislation
    September 20, 2021
    Ryanair plane in Vilnius, Lithuania

    The forced diversion of a Ryanair flight to Belarus has put sanctions on the news agenda. Boards should be aware of the risks and legislation.

  • What boards need to know about sanctions risk and legislation
    September 20, 2021
    Ryanair plane in Vilnius, Lithuania

    The forced diversion of a Ryanair flight has put sanctions on the news agenda. Boards should be aware of the risks and legislation.

  • UBS nominates Colm Kelleher and Lukas Gähwiler as chair and vice-chair
    November 23, 2021
    UBS sign

    Kelleher is a former president of Morgan Stanley, while Gähwiler currently serves as chair of the board of UBS Switzerland AG.

For thoughtful journalism, expert insights on corporate governance and an extensive library of reports, guides and tools to help boards and directors navigate the complexities of their roles, subscribe to Board Agenda

cyber-risk, cybersecurity, Deloitte, Stephen Bonner, Technology

Search


Sign up to our Newsletter

Receive independent news, thoughtful journalism & expert insights about leadership, corporate governance & key boardroom issues straight to your inbox every week.

SIGN UP

Follow Us





Most Popular

  • Sustainability governance is on the rise
  • Why UK corporate governance needs tightening up
  • Proxy adviser warns LSE over governance
  • News round-up: this week in governance
  • How to future-proof your board

Featured Partner Profile

Diligent

Diligent

Diligent Corporation, which was founded in 2001, is headquartered in New York, NY with a European HQ in London. Diligent’s modern governance platform empowers leaders and teams at every level of the organisation to digitally transform and create ...

Featured Partner Resources

Leadership ESG

Leadership in ESG Integration: a study into UK board oversight, implementation and disclosure

This research report is based on detailed response...
The Engagement Appeal: The Path to Inclusive Investor Engagement

The Engagement Appeal: The Path to Inclusive Investor Engagement

This is the inaugural white paper from The Engagem...
Mazars c-suite 2023

Mazars C-suite barometer 2023

The Mazars C-suite barometer is based on responses...

Stakeholder Engagement: A Roadmap for UK Plc Boards

This guide aims to provide directors and their col...

Digital Boards: How Technology Adoption is Driving Culture Change and Resiliency

Digital tools proved their worth to boards during ...
Leadership in AI report

Leadership in AI

This report from Board Agenda and Mazars, in assoc...

A Director's Guide to Conducting Internal Investigations 2023

An internal investigation must be handled meticulo...

ADVERTISE – FREE CORPORATE LISTING

FREE - Add your company profile to our Corporate & Advisory Directory.
ADD

ADVERTISE – PROMOTE YOUR REPORTS & WHITEPAPERS

FREE - Add your company profile to our Corporate & Advisory Directory.
Add Resource

Register Free

Register to receive free article views, selected resource downloads, and all the latest news alerts straight to your inbox. Register


  • Editors & Contributors
  • Editorial Advisory Board
  • Corporate & Advisory Services
  • Media Marketing Solutions
  • Contact Us
  • Careers
  • Board Director Network
  • Terms & Conditions
  • Privacy Policy
  • Cookies
  • Sitemap
|

Copyright © 2023 Questor Media Group Ltd.

  • Terms & Conditions
  • Privacy Policy
  • Sitemap