Cybersecurity and the Twenty-First Century Board of Directors

It's concerning that some board experts are balking about the newly proposed Cybersecurity Disclosure Act of 2015 that would require publicly traded companies to disclose, in their investor filings with the U.S. Securities and Exchange Commission (SEC), whether any member of their board of directors is a cybersecurity expert. Rather than object to this recommendation, one would imagine that on the eve of 2016, boards of directors that don't already have cybersecurity experts would tremble, and that their investors would run for the hills.

Cybersecurity is one of the greatest threats to a company's viability and sustainability in 2016 (Harvard Law School Forum on Corporate Governance and Financial Regulation). On the flip side, cybersecurity challenges present an opportunity for a company to find solutions and to profit by distinguishing itself among its competitors. With Hyatt Hotel's payment processing systems hacked just this month, and a major health insurance plan provider hacked earlier in 2015, competitors that can provide better protections have an advantage among consumers. Furthermore, cybersecurity will be a $170 billion industry by 2020 for companies that can deliver innovative solutions.

Just as boards require directors with expertise in finance, today they must also have directors with experience in cybersecurity. It takes qualified board members to provide oversight by knowing what questions to raise and how to assess management's responses. Symantec recognized this a few years ago when they recruited U.S. Air Force General Suzanne Vautrinot to the board. During her 31 year tenure with the USAF, "she led large-scale, diverse, global organizations that operate, extend, maintain, and defend global networks." Not only does General Vautrinot have the advanced degrees and board experience, she also "oversaw a multi-billion dollar global cyber enterprise with 14,000 military, civilians, and contractors. Her unit conducted military, intelligence, and law-enforcement missions; provided IT services and technology management to 850,000 users; and performed global vulnerability assessment and remediation, and proactive cyber defense activities." Well qualified for a board position.

In order to maximize shareholder value, boards must have directors from diverse backgrounds with experience related to the vital economic, social, and environmental problems facing our world. Such well qualified boards can support management in seeking innovative solutions to global problems to mitigate risks, reduce costs, and grow profits in the global marketplace. Boards and their advisors must look ahead to the greatest challenges and opportunities of the twenty-first century in building the best boards and focusing their agendas accordingly.