Corporate Directors Struggling to Address Moving Targets

Ever wonder what keeps corporate directors awake at night?

NYSE Governance Services recently released its annual What Directors Think Survey, which sheds light on the challenges facing the boardroom as well as what corporate directors are doing to manage risk.

The report, which was prepared in conjunction with consulting firm Spencer Stuart, surveyed nearly 500 corporate directors, 70 percent of whom identified themselves as outside directors, and another 20 percent who said they serve as board chair or lead director. The respondents are fairly experienced, with 44 percent have served on a board for more than 10 years, and an additional 33 percent holding directorship for five to 10 years.

As the report highlights, serving as a corporate director is becoming a more challenging job as boards struggle to respond to the risks that accompany new technology, regulations, and shareholder demands. In fact, 55 percent of the directors surveyed do not believe a public company board can ever fully anticipate the many facets of risk in the current corporate environment.

Directors are also being asked to wear a number of different hats. While respondents still cited industry expertise as the most important attribute of a potential director, it was quickly followed by financial expertise, IT/cyber experience, gender diversity, and CEO experience. Other qualifications that are in greater demand compared to previous surveys include legal/regulatory experience and racial diversity.

“The expectations placed on boards in terms of what they are asked to oversee is much greater today due to many factors, including an increasingly dynamic global economy, political uncertainty, disruption caused by new technologies, and an active M&A environment,” says Kevin M. Connelly, CEO, Spencer Stuart. “As a result, directors find themselves needing to be knowledgeable in areas they may or may not have had much past exposure to or experience in, such as cybersecurity.”

Given the growing risks that emanate from foreign governments, organized crime and competitors, cybersecurity and data privacy are on the radar of nearly every corporate director, with more than 80 percent citing it as a concern on their agenda (only second to operational risk). Despite recognizing the risk, the directors surveyed still expressed realistic concern about their ability to oversee and minimize it. Only 15 percent were very confident that their board was adequately addressing cyber threats. Approximately 63 percent were only somewhat confident, while the remaining respondents were not confident at all.

As we see both the public and private sectors struggling to effectively manage their cybersecurity risks, and as reports of major breaches have increasingly become a daily occurrence, it is surprising that some corporate leaders can actually feel “somewhat confident” that things are getting under control. Perhaps, in order to mitigate this real and growing danger, business leaders should consider convening a summit meeting of both public and private sectors to better understand the nature of the threat and to formulate more effective risk mitigation solutions?