Cybersecurity Takes its Place in the Boardroom

November 30, 2016

Those recognized by the National Association of Corporate Directors in its annual compilation of 100 most influential individuals and organizations have achievements in fields such as governance, transformation or oversight.

Cybersecurity hasn’t typically figured among them – until recently. NACD is recognizing Internet Security Alliance CEO Larry Clinton for the second consecutive year in its list, a sign that times are changing when it comes to cybersecurity.

Once the sole domain of the information technology department, cybersecurity is taking its rightful place as a topic of board oversight and discussion.

Corporate boards have increasingly learned to approach cybersecurity oversight in the language of risk management and due diligence. Boards are paying attention to the massive operational and reputational risks that bad cybersecurity poses to enterprises, a good thing for anyone concerned about America’s economic and national security.

Behind this transformation lies years of hard work from the National Association of Corporate Directors and the Internet Security Alliance. The two organizations worked together to publish a handbook for corporate directors on cybersecurity, one that will be updated with new information in January.

The handbook has a measurable effect: PricewaterhouseCoopers found in 2016 (.pdf) that the “Cyber-Risk Handbook for Corporate Directors” has led to substantial increases in corporations’ cybersecurity budget, increased alignment of cybersecurity with business goals, better risk management, and improved communication throughout the enterprise leading to the creation of a culture of security.

Inclusion on the list is an award; it goes with the NACD’s annual Gala at Gotham Hall in New York City, held last Wednesday night. Recipients for the NACD Corporate Directorship 100 award are nominated based on criteria including integrity, informed judgment, mature confidence, and high performance standards. The list requires approval by the NACD board itself after going through multiple stages of review.

“In the past few years we have seen a significant – and very welcome – change in attitude among leading corporate boards who are no longer seeing cybersecurity as an ‘IT’ problem, but an enterprise wide risk management issue demanding direct involvement from the very top of the enterprise,” said Clinton. “NACD has been in the vanguard of that movement.”

Written by Dave Perera, ISA Assistant Vice-President for Government and Policy

| Downloadable Copy (PDF)