Their fears aren’t surprising, given the rising incidence of attacks and potential for directors to be found directly liable—both civilly, and, in more extreme cases, criminally—for failing to protect shareholders from data theft.
Dealing with cybercrime was listed as the top risk facing boards, ahead of financial/legal risks and product risks, according to a new survey of 189 members of the Society for Corporate Governance, a nonprofit director peer group, jointly conducted by Deloitte.
Just over half of the respondents said their audit committees took primary responsibility for cybersecurity threats, which, not surprisingly, also counted as the leading topic of boardroom education.
Some 14% of respondents said they had added a board member with cyber experience in the past two years.
The report comes amid indications that many companies remain unprepared to deal with cyberattacks, though spiraling financial losses and moves by governments to tighten oversight rules are forcing executives to consider upping their defenses.
Bob Zukis, a governance expert at peer group The Conference Board, last year suggested cyber experts could one day become just as important on boards as financial experts were following the introduction of the Sarbanes-Oxley Act in 2002.
“Whether forced by regulators, pressured by activists or added by a board that recognizes that good corporate governance needs cyber-security-competent directors, a decade from now, we’ll look back in disbelief at what is today, the novel concept of having cybersecurity skills in the American corporate boardroom,” Zukis said.
In a sign boards are getting more serious about diversifying their skill sets, the Society for Corporate Governance Survey found that 64% of boards added a new director in the past year, up from 50% in 2014.
The changes resulted mainly from resignations and planned retirements, though 22% attributed change to keeping the board fresh, while 15% reported it was to achieve greater diversity.
Directors also are boning up on their activism defense strategies, with 74% of companies reporting they are discussing how to prepare for activism, up from 55% in 2014. Just over a quarter of companies said they had been approached by an activist investor in the past year.