Critical Update Needed: Cybersecurity Expertise in the Boardroom

• Published in: IDEAS Working Paper Series from RePEc
• Main Authors: Larcker, David F, Reiss, Peter C, Tayan, Brian
• Format: Paper
• Language: English
• Published: St. Louis Federal Reserve Bank of St. Louis 01.01.2017
• Subjects: Boards of directors; Corporate governance; Cybersecurity

The board of directors is expected to ensure that management has identified and developed processes to mitigate risks facing the organization, including risks arising from data theft and the loss of information. Unfortunately, recent experience suggests that companies are not doing a sufficient job of securing this data. In this Closer Look, we examine the types of cyberattacks that occur and how companies respond to them. We ask: 1. What steps can the board take to prevent, monitor, and mitigate data theft? 2. What data, metrics, and information should board members review to satisfy themselves that management has taken proper steps to minimize cyber risks? 3. What qualifications should a board member have in order to constructively contribute to boardroom discussions on cybersecurity? 4. How difficult is it to find board candidates with these skills? The Stanford Closer Look series is a collection of short case studies through which we explore topics, issues, and controversies in corporate governance and executive leadership. In each study, we take a targeted look at a specific issue that is relevant to the current debate on governance and explain why it is so important. Larcker and Tayan are co-authors of the books Corporate Governance Matters and A Real Look at Real World Corporate Governance.