Farient Advisors' "Danger, Danger, No Cyber Ranger: Why Boards Need More Cyber Experts" is share-worthy for its informative benchmarking data on S&P 500 cyber expert directors, notwithstanding the firm's unexplained bias toward the need for such expertise to be reflected in a director without regard to other potentially suitable approaches (e.g., management expertise, advisory boards, consultants, training and education) that boards commonly and successfully pursue to fill these and other expertise gaps.
Based on its keyword review of proxy statements, 16% of the S&P 500 reportedly have cyber expert directors, varying by sector as shown here:
Percent of Cyber Experts on Boards by Industry
While the number of new directors with cyber expertise has generally been on the rise since 2010, new cyber expert-directors are heavily concentrated in the IT, Financial Services, and Industrials sectors.
The article recommends companies manage cyber risk by:
- Recruiting a cyber expert director
- Creating a board-level technology committee
- Engaging external cyber expertise to conduct a cyber risk assessment and evaluate the management and organizational infrastructure to address threats
- Educating employees about cyber risks
- Identifying and addressing vulnerabilities
See also Farient Advisors' interview with Digital Directors Network founder and CEO Bob Zukis: "Good Governance: Do Boards Need Cyber Security Experts?"; Deloitte's "Safeguarding the Crown Jewels: The Board's Role"; this prior report: "SEC Commissioner Stein Speaks on Board Cybersecurity Oversight"; and numerous additional resources under Board/Director Oversight on our Cybersecurity/Data Privacy page. This post first appeared in the weekly Society Alert!