MIT Sloan Management Review Article on Adding Cybersecurity Expertise to Your Board

Against a backdrop of persistent cyberattacks, and spurred on by new regulations, corporate boards are scrambling to build better capabilities to oversee cybersecurity risk management.1 While this is good news for healthy corporate governance, it presents immediate challenges to companies looking to identify and recruit new directors with the right mix of skills, experience, and contacts.

Given the significance of cybersecurity risk, increased attention to board skills and composition in this area is overdue. Respondents to PwC’s 2023 Annual Corporate Directors Survey rated cybersecurity risk second only to strategic/disruptive risks as a significant challenge to their board, and 64% reported that they had increased the amount of board meeting time devoted to the topic in the past 12 months. However, only 19% said they had added a new board member with cybersecurity experience in the past year.

About the Author

Chon Abraham is the Mansfield Professor of Business (Information Systems) in the Operations and Information Systems Management area in William & Mary’s Mason School of Business. Sasha Cohen O’Connell is a senior professorial lecturer and executive in residence in the Department of Justice, Law & Criminology in American University’s School of Public Affairs. Iria Giuffrida is a professor of the practice of law and assistant dean for Academic and Faculty Affairs at William & Mary Law School. Ronald R. Sims is the Emeritus Floyd Dewey Gottwald Sr. Professor of Business Administration at William & Mary’s Mason School of Business.

Learn more about MIT SMR.