Corporate boards struggle to understand cybersecurity and digital transformation

Dive Brief:

• Corporate board directors are struggling to oversee the rapidly evolving threat of cyberattacks, according to a report from Diligent Institute, which specializes in corporate governance issues. They consider cyber and data security as their most challenging issue.  
• The report, based on a survey of 300 directors, shows corporate boards are struggling to understand cybersecurity and digital transformation issues. 
• Nearly half of board members are pursuing director education programs to prepare themselves for new breach disclosure rules the Securities and Exchange Commission is proposing, according to the report.

Dive Insight:

The report underscores how the surge in sophisticated cyberthreats – including ransomware – in recent years has challenged traditional corporate governance. Cybersecurity and business interruption are now considered the top corporate risks, according to research from Allianz Group. 

Data security is a priority issue at the most senior levels of U.S. corporations.  Business leaders are now facing requirements to rapidly share intelligence with industry partners while remaining upfront with customers and transparent with investors and government regulators. 

“Overseeing cyber risk is incredibly challenging,” Dottie Schindlinger, executive director of Diligent Institute, said via email. “With the global cost of cybercrime expected to reach $10.5 trillion by 2025, cybersecurity has become a board-level imperative.” 

However, cyber risk oversight and the technical concepts and vocabulary that goes with it, can feel foreign to board directors, Schindlinger said. 

Less than 9% of an average board has technical expertise, research from Diligent Institute found. Even worse, half of the companies surveyed have no technical expertise on the board at all. 

“The role of the board is to monitor the long-term health of the company, so when directors lack fluency in the language of cyber risk, they are ill equipped to oversee one of the most severe areas of enterprise risk facing their organizations,” Schindlinger said.