Critical Update Needed: Cybersecurity Expertise in the Boardroom

Critical Update Needed: Cybersecurity Expertise in the Boardroom

Stanford Closer Look Series. Corporate Governance Research Initiative, November
2017

The board of directors is expected to ensure that management has identified and developed processes to mitigate risks facing the organization, including risks arising from data theft and the loss of information. Unfortunately, recent experience suggests that companies are not doing a sufficient job of securing this data. In this Closer Look, we examine they types of cyberattacks that occur and how companies respond to them.

We ask:

  • What steps can the board take to prevent, monitor, and mitigate data theft?
  • What data, metrics, and information should board members review to satisfy themselves that management has taken proper steps to minimize cyber risks?
  • What qualifications should a board member have in order to constructively contribute to boardroom discussions on cybersecurity?
  • How difficult is it to find board candidates with these skills?