{"id":15871,"date":"2023-01-18T18:23:10","date_gmt":"2023-01-18T23:23:10","guid":{"rendered":"https:\/\/www.dhrglobal.com\/?p=15871"},"modified":"2023-10-06T17:17:54","modified_gmt":"2023-10-06T21:17:54","slug":"cisos-in-the-boardroom-the-state-of-cybersecurity-for-the-top-500-u-s-public-company-boards-of-directors","status":"publish","type":"post","link":"https:\/\/www.dhrglobal.com\/insights\/cisos-in-the-boardroom-the-state-of-cybersecurity-for-the-top-500-u-s-public-company-boards-of-directors\/","title":{"rendered":"CISOs in the Boardroom: The State of Cybersecurity for the Top 500 U.S. Public Company Boards of Directors"},"content":{"rendered":"\n<div class=\"block-hero alignfull  has-breadcrumb\">\n    <div class=\"outerwrap\">\n        <div class=\"wrapper\">\n            <div class=\"copy\">\n\n                                    <ul>\n                        <!-- Breadcrumb NavXT 7.0.2 -->\n<li><a property=\"item\" typeof=\"WebPage\" title=\"Go to Insights.\" href=\"https:\/\/www.dhrglobal.com\/insights\/\" class=\"post post-page\" aria-current=\"page\"><span property=\"name\">Insights<\/span><\/a><meta property=\"position\" content=\"1\"><\/li>                    <\/ul>\n                \n                                    <h1>CISOs in the Boardroom: The State of Cybersecurity for the Top 500 U.S. 
Public Company Boards of Directors<\/h1>\n                \n            <\/div>\n        <\/div>\n\n            <\/div>\n<\/div>\n\n\n<div class=\"block-insights-detail \">\r\n\t<div class=\"intro\"><p><strong>A Research Report from DHR Global \u2014 Second in the Series on CISOs in the Boardroom.<\/strong><\/p>\n<\/div>\t<div class=\"meta\">\r\n\t\t<p class=\"date\">January 18, 2023<\/p>\r\n\t\t\t\t<p class=\"author\">Authors:<\/p><ul><li><a href=\"https:\/\/www.dhrglobal.com\/consultant\/heather-smith\/\">Heather Smith<\/a><\/li><li><a href=\"https:\/\/www.dhrglobal.com\/consultant\/kathryn-ullrich\/\">Kathryn Ullrich<\/a><\/li><\/ul>\t<\/div>\r\n<\/div>\n\n\n<h2 class=\"has-green-color has-text-color\">Executive Summary<\/h2>\n\n\n\n<p>The Securities and Exchange Commission (SEC) will soon announce details regarding new levels of boardroom cyber accountability, including:<\/p>\n\n\n\n<ul class=\"\" data-cols=\"1\"><li>How boards of directors for public companies should track and report cybersecurity risks and incidents.<\/li><li>The effects of these incidents on their businesses and bottom lines.<\/li><li>The processes they put in place to resolve breaches and remain resilient.<\/li><li>Annual reporting about board cybersecurity expertise, if any.<\/li><li>Investors\u2019 notifications about preparedness against evolving threats and material incidents.<\/li><\/ul>\n\n\n\n<p>The SEC\u2019s new amendment will go beyond the National Association of Corporate Directors (NACD) guidelines, which generally reference the need for cyber threat discussions; the legal implications of incidents; having access to independent experts; understanding expectations of management and the board; and how to manage risk in a world where total cybersecurity is unrealistic. Similarly, for some years, boards have referred to the National Institute of Standards and Technology (NIST) Cybersecurity Framework. 
This voluntary and customizable approach has five concurrent stages to respond to cybersecurity risks: identify, protect, detect, respond and recover. The framework serves as a best practice guide for raising awareness about cybersecurity and the importance of effective communications for internal and external stakeholders.<\/p>\n\n\n\n<p>The SEC\u2019s approach is anticipated to be in stark contrast to these earlier efforts. As the SEC discussed in its initial announcement in March 2022, the commission plans to help boards enhance and standardize disclosures about how their companies prepare for, mitigate and manage risk; identify who has the expertise to manage cybersecurity risks and lead cybersecurity efforts; and determine how cybersecurity efforts affect the business health and financial success of these public companies. &nbsp;<\/p>\n\n\n\n<p>DHR Global, an executive search and leadership consulting firm, has seen an uptick in the requirement for cybersecurity specialists to join boards, even before the SEC reveals details about the new rules. DHR conducted proprietary research into how America\u2019s top 500 public company boards of directors are managing cybersecurity threats. 
DHR will expand this benchmark report next year and will publish it annually along with chief information security officer (CISO) skills sourcing recommendations and anecdotal accounts of cybersecurity best practices that DHR Global clients are incorporating globally.<\/p>\n\n\n\n<p>The data below are from DHR Global\u2019s first-year research findings and form the second article in its series, \u201cCISOs in the Boardroom,\u201d following the October 2022 publication of \u201c<a href=\"https:\/\/www.dhrglobal.com\/insights\/cisos-in-the-boardroom\/\">It\u2019s Happening Again \u2013 Massive Change Expected to America\u2019s Boards of Directors, 20 Years After Sarbanes-Oxley<\/a>.\u201d<\/p>\n\n\n\n<h2 class=\"has-green-color has-text-color\">Topline Findings<\/h2>\n\n\n\n<p>Our findings were startling and all over the map, indicating a need for SEC cybersecurity standardization and oversight:<\/p>\n\n\n\n<ul class=\"\" data-cols=\"1\"><li>Only 1.4% (seven out of 500 companies) have a current or former CISO on their boards.<\/li><li>Only one-quarter (23%) of the companies have a current or former chief information officer (CIO) on their boards.<\/li><li>The vast majority (65%) have assigned their audit committees to take on the added responsibility of directing and reporting on cybersecurity.<\/li><li>Approximately half (48%) have disclosed that their board members have cybersecurity skills, although 7% of those didn\u2019t identify where these skills reside.<\/li><li>One-quarter (24%) are assigning cyber oversight to their full boards.<\/li><li>Only 10 out of 500 companies, or 2%, have created cybersecurity committees.<\/li><li>Only 11 out of 500 companies have assigned their risk committees to oversee cybersecurity.<\/li><\/ul>\n\n\n\n<p>\u201cThese findings are in line with what I\u2019m hearing from companies that are looking for individuals who have recent cyber experience, which they describe as within the last two years,\u201d said Kathryn Ullrich, Managing 
Partner in DHR\u2019s tech-focused Silicon Valley office and a member of the Technology and Diversity Practices. \u201cSome companies have cyber experience without CISOs and would get credit for meeting the expected SEC guidelines. An overwhelming majority of the inquiries, however, are from boards that don\u2019t have any functional technical experience \u2013 even in the form of CIOs \u2013 and are suffering as a result.\u201d<\/p>\n\n\n\n<p>\u201cWhere entire boards have cyber oversight, it\u2019s a nightmare as directors struggle to learn the evolving cyber landscape and NACD or NIST policies, as well as recommended board practices, all while worrying about external breaches,\u201d she added.<\/p>\n\n\n\n<p>Heather Smith, partner in the Board &amp; CEO Practice at DHR echoed Ullrich\u2019s sentiments. \u201cWe believe most public companies of all sizes are ill-prepared for upcoming SEC regulations on cybersecurity and risk assessment,\u201d Smith said. \u201cIt\u2019s obvious that a sea change is underway at the board level. As a result of the SEC identifying the need and issuing new guidance, we\u2019ve already had a number of boards looking to hire CISO board directors who understand the latest vulnerabilities and best strategies on cyber risk.\u201d<\/p>\n\n\n\n<h2 class=\"has-green-color has-text-color\"><strong>The Methodology<\/strong><\/h2>\n\n\n\n<p>DHR Global identified the top 500 U.S. public companies by revenue; researched their 10-K and annual proxy statements filed with the SEC for board composition; listed board directors with prior CISO or CIO experiences and directors who were disclosed to have cybersecurity expertise; and quantified the most prominent professional experiences of those cyber experts on the board. 
All data collected are based on publicly available information and have been aggregated.<\/p>\n\n\n\n<h2 class=\"has-green-color has-text-color\"><strong>The Research<\/strong><\/h2>\n\n\n\n<p>In September 2022, DHR Global researched the top 500 U.S. public companies by revenue and their board members to learn how they\u2019re assigning responsibility for cybersecurity and disclosing cyber expertise, since this is expected to be a key focus of the new SEC rules. The research focused on the largest public companies because of the readily available information and because these companies should be leading the way in demonstrating and disclosing cyber expertise on their boards.<\/p>\n\n\n\n<p>DHR Global wanted to know if any existing or newly formed committees were being assigned to oversee cybersecurity and which directors had cyber expertise, either because these individuals\u2019 profiles had been disclosed or it was likely, given their previous career experience.<\/p>\n\n\n\n<p>Specifically, DHR Global wanted to know whether the boards had CISO and\/or CIO board members since these executives would likely have the most technical insights on current cyber risks that companies face.<\/p>\n\n\n\n<h3><strong>Top 500 U.S. Public Companies in Study<\/strong><\/h3>\n\n\n\n<div class=\"wp-block-media-text alignfull is-stacked-on-mobile has-off-white-background-color has-background\" style=\"grid-template-columns:44% auto\"><figure class=\"wp-block-media-text__media\"><img loading=\"lazy\" width=\"984\" height=\"1024\" src=\"https:\/\/www.dhrglobal.com\/wp-content\/uploads\/2023\/01\/DHR-Research-Company-Size-Chart-984x1024.png\" alt=\"Chart describing DHR Global's research set: U.S. companies ranked by revenue. Half of the companies in our research scope reported their latest revenues between $6 billion and $15 billion, while the top nine companies reported revenue of more than $200 billion. 
The mean and median are $18.2 billion and $14.3 billion, respectively.\" class=\"wp-image-15880 size-full\" srcset=\"https:\/\/www.dhrglobal.com\/wp-content\/uploads\/2023\/01\/DHR-Research-Company-Size-Chart-984x1024.png 984w, https:\/\/www.dhrglobal.com\/wp-content\/uploads\/2023\/01\/DHR-Research-Company-Size-Chart-288x300.png 288w, https:\/\/www.dhrglobal.com\/wp-content\/uploads\/2023\/01\/DHR-Research-Company-Size-Chart-768x799.png 768w, https:\/\/www.dhrglobal.com\/wp-content\/uploads\/2023\/01\/DHR-Research-Company-Size-Chart-1477x1536.png 1477w, https:\/\/www.dhrglobal.com\/wp-content\/uploads\/2023\/01\/DHR-Research-Company-Size-Chart-320x333.png 320w, https:\/\/www.dhrglobal.com\/wp-content\/uploads\/2023\/01\/DHR-Research-Company-Size-Chart.png 1617w\" sizes=\"(max-width: 984px) 100vw, 984px\" \/><\/figure><div class=\"wp-block-media-text__content\">\n<p>Our research targets the top 500 U.S. companies ranked by revenue. Half of the companies in our research scope reported their latest revenues between $6 billion and $15 billion, while the top nine companies reported revenue of more than $200 billion. 
The mean and median are $18.2 billion and $14.3 billion, respectively.<\/p>\n<\/div><\/div>\n\n\n\n<p>The industries these companies represent include:<\/p>\n\n\n\n<ul class=\"\" data-cols=\"1\"><li>Aerospace<\/li><li>Education<\/li><li>Energy<\/li><li>Entertainment<\/li><li>Financial services<\/li><li>Food<\/li><li>Government<\/li><li>Health care<\/li><li>Information technology (IT)<\/li><li>Telecommunications<\/li><li>Manufacturing<\/li><li>Real estate<\/li><li>Construction<\/li><li>Transportation<\/li><\/ul>\n\n\n\n<p>Each sector faces cybersecurity threats related to having massive stores of data, hybrid campuses and outdated technology; new Internet of Things devices; a lack of system integration; inefficiencies in identity and access management; data breaches from ransomware, phishing and web vulnerabilities; and denial of service attacks.<\/p>\n\n\n\n<p>Most companies in our study are transforming their operations, networks and services to improve cybersecurity controls and agility for their businesses as well as customer experience.<\/p>\n\n\n\n<p>Among our other findings:<\/p>\n\n\n\n<ul class=\"\" data-cols=\"1\"><li>Most face continuing global supply chain issues.<\/li><li>Most have moved or are moving to the cloud.<\/li><li>After moving to the cloud, all are experiencing more cyberattacks than ever before.<\/li><li>29% of CEOs and 40% of chief security officers admit their organizations are unprepared for a rapidly changing threat landscape, according to <a href=\"https:\/\/thoughtlabgroup.com\/cyber-solutions-riskier-world\/\">Thought Lab\u2019s 2022 cybersecurity study<\/a>.<\/li><\/ul>\n\n\n\n<p>While the scope for this research study focused on the 500 largest U.S. 
public companies, DHR Global clients of all sizes \u2013 private and public \u2013 and worldwide have inquired about the best approach for addressing their boards\u2019 cybersecurity risk responsibilities.<\/p>\n\n\n\n<p><a id=\"_msocom_1\"><\/a><\/p>\n\n\n\n<h2 class=\"is-style-underlined\"><strong>Boards\u2019 Disclosure of Cyber Expertise<\/strong><\/h2>\n\n\n\n<div class=\"wp-block-media-text alignfull has-media-on-the-right is-stacked-on-mobile has-off-white-background-color has-background\"><figure class=\"wp-block-media-text__media\"><img loading=\"lazy\" width=\"1024\" height=\"609\" src=\"https:\/\/www.dhrglobal.com\/wp-content\/uploads\/2023\/01\/Board-Cyber-Skills-Disclosed-Chart-1024x609.png\" alt=\"DHR Global chart describing that 41% of companies disclosed and identified a cyber expert. 7% disclosed having a cyber expert on the board without identifying them. 8% possibly have a cyber expert on the board but it was not disclosed. 44% did not disclose having a cyber expert on the board nor do they appear to have one.\" class=\"wp-image-15881 size-full\" srcset=\"https:\/\/www.dhrglobal.com\/wp-content\/uploads\/2023\/01\/Board-Cyber-Skills-Disclosed-Chart-1024x609.png 1024w, https:\/\/www.dhrglobal.com\/wp-content\/uploads\/2023\/01\/Board-Cyber-Skills-Disclosed-Chart-300x178.png 300w, https:\/\/www.dhrglobal.com\/wp-content\/uploads\/2023\/01\/Board-Cyber-Skills-Disclosed-Chart-768x457.png 768w, https:\/\/www.dhrglobal.com\/wp-content\/uploads\/2023\/01\/Board-Cyber-Skills-Disclosed-Chart-1536x914.png 1536w, https:\/\/www.dhrglobal.com\/wp-content\/uploads\/2023\/01\/Board-Cyber-Skills-Disclosed-Chart-2048x1218.png 2048w, https:\/\/www.dhrglobal.com\/wp-content\/uploads\/2023\/01\/Board-Cyber-Skills-Disclosed-Chart-320x190.png 320w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><\/figure><div class=\"wp-block-media-text__content\">\n<p>The good news is that <strong>48% of the top 500 U.S. 
public companies disclose in their annual reports that they have cyber expertise<\/strong>, including 41% of the companies that identify the specific committee or individuals with this expertise, while 7% didn\u2019t specify the expertise.<\/p>\n\n\n\n<p>Eight percent of the companies didn\u2019t disclose their boards\u2019 cyber skills; however, they have at least one current or prior CISO or CIO on their boards, so they\u2019re very likely to be cyber-savvy.<\/p>\n\n\n\n<p>The remaining companies (44%) don\u2019t have cyber experts on their boards or chose not to disclose this information. Neither of these scenarios would meet the SEC cybersecurity rules, unless the companies would hire an independent cyber consultant.<\/p>\n<\/div><\/div>\n\n\n\n<h2 class=\"is-style-underlined\"><strong>Committee Cyber Oversight<\/strong><\/h2>\n\n\n\n<div class=\"wp-block-media-text alignfull is-stacked-on-mobile has-off-white-background-color has-background\" style=\"grid-template-columns:44% auto\"><figure class=\"wp-block-media-text__media\"><img loading=\"lazy\" width=\"719\" height=\"1024\" src=\"https:\/\/www.dhrglobal.com\/wp-content\/uploads\/2023\/01\/Cybersecurity-Committee-Chart-719x1024.png\" alt=\"According to DHR Global research:\nIn 121 companies, the full board is responsible for the oversight of cyber risk. In 328 companies, it falls under the Audit Committee. 
55 companies place this responsibility in the Risk Committee, 27 in the (Information) Technology Committee, 13 in the Safety\/Security Committee, 12 in the Compliance Committee, 10 in the Cybersecurity Committee, and 6 in the Nominating and Governance Committee.\" class=\"wp-image-15883 size-full\" srcset=\"https:\/\/www.dhrglobal.com\/wp-content\/uploads\/2023\/01\/Cybersecurity-Committee-Chart-719x1024.png 719w, https:\/\/www.dhrglobal.com\/wp-content\/uploads\/2023\/01\/Cybersecurity-Committee-Chart-211x300.png 211w, https:\/\/www.dhrglobal.com\/wp-content\/uploads\/2023\/01\/Cybersecurity-Committee-Chart-768x1094.png 768w, https:\/\/www.dhrglobal.com\/wp-content\/uploads\/2023\/01\/Cybersecurity-Committee-Chart-1078x1536.png 1078w, https:\/\/www.dhrglobal.com\/wp-content\/uploads\/2023\/01\/Cybersecurity-Committee-Chart-1438x2048.png 1438w, https:\/\/www.dhrglobal.com\/wp-content\/uploads\/2023\/01\/Cybersecurity-Committee-Chart-320x456.png 320w, https:\/\/www.dhrglobal.com\/wp-content\/uploads\/2023\/01\/Cybersecurity-Committee-Chart.png 1768w\" sizes=\"(max-width: 719px) 100vw, 719px\" \/><\/figure><div class=\"wp-block-media-text__content\">\n<p>In annual report disclosures, an audit committee predominantly takes responsibility for cyber risk in most companies. In one-quarter (121) of the companies, the full board \u2013 sometimes with another committee \u2013 is responsible for the oversight of cyber risk.<\/p>\n\n\n\n<p>It\u2019s noteworthy that <strong>10 companies made the bold move to establish committees exclusively for cybersecurity<\/strong>, demonstrating their concern and control for managing the risk appropriately. 
This is a trend DHR will continue watching, as we expect other companies to follow to better manage cyber risk.<\/p>\n\n\n\n<p><em>Note: The numbers add up to more than 500 because of multiple committee assignments.<\/em><\/p>\n<\/div><\/div>\n\n\n\n<h2 class=\"is-style-underlined\"><strong>Cyber Experts on the Board<\/strong><\/h2>\n\n\n\n<div class=\"wp-block-media-text alignfull has-media-on-the-right is-stacked-on-mobile has-off-white-background-color has-background\" style=\"grid-template-columns:auto 44%\"><figure class=\"wp-block-media-text__media\"><img loading=\"lazy\" width=\"812\" height=\"1024\" src=\"https:\/\/www.dhrglobal.com\/wp-content\/uploads\/2023\/01\/Professional-Background-Chart-812x1024.png\" alt=\"\" class=\"wp-image-15884 size-full\" srcset=\"https:\/\/www.dhrglobal.com\/wp-content\/uploads\/2023\/01\/Professional-Background-Chart-812x1024.png 812w, https:\/\/www.dhrglobal.com\/wp-content\/uploads\/2023\/01\/Professional-Background-Chart-238x300.png 238w, https:\/\/www.dhrglobal.com\/wp-content\/uploads\/2023\/01\/Professional-Background-Chart-768x968.png 768w, https:\/\/www.dhrglobal.com\/wp-content\/uploads\/2023\/01\/Professional-Background-Chart-1219x1536.png 1219w, https:\/\/www.dhrglobal.com\/wp-content\/uploads\/2023\/01\/Professional-Background-Chart-320x403.png 320w, https:\/\/www.dhrglobal.com\/wp-content\/uploads\/2023\/01\/Professional-Background-Chart.png 1574w\" sizes=\"(max-width: 812px) 100vw, 812px\" \/><\/figure><div class=\"wp-block-media-text__content\">\n<h3 class=\"has-dark-blue-color has-text-color\"><\/h3>\n\n\n\n<p>In the research, 238 companies disclosed the personal profiles of 443 individuals who brought cyber expertise to the boardroom.<\/p>\n\n\n\n<p>A significant proportion of the cyber experts (58%) had prominent roles in the C-suite, including CEO, chief operating officer, chief financial officer and other executive positions. 
Another group of 77 individuals (17%) held senior executive titles such as executive vice president, senior vice president, vice president, and general counsel.<\/p>\n\n\n\n<p>Another 45 individuals (10%) were active on various boards as professional board members; however, most had not held an executive role in the last decade.<\/p>\n\n\n\n<p>Other professionals gained cyber expertise from their previous careers in the military (7%), government (5%) and academia (less than 3%).<\/p>\n<\/div><\/div>\n\n\n\n<h2 class=\"is-style-underlined\"><strong>Boards with CISO or CIO<\/strong><\/h2>\n\n\n\n<div class=\"wp-block-media-text alignfull is-stacked-on-mobile has-off-white-background-color has-background\" style=\"grid-template-columns:45% auto\"><figure class=\"wp-block-media-text__media\"><img loading=\"lazy\" width=\"1024\" height=\"717\" src=\"https:\/\/www.dhrglobal.com\/wp-content\/uploads\/2023\/01\/Current-or-Prior-CISO-Chart-1024x717.png\" alt=\"\" class=\"wp-image-15882 size-full\" srcset=\"https:\/\/www.dhrglobal.com\/wp-content\/uploads\/2023\/01\/Current-or-Prior-CISO-Chart-1024x717.png 1024w, https:\/\/www.dhrglobal.com\/wp-content\/uploads\/2023\/01\/Current-or-Prior-CISO-Chart-300x210.png 300w, https:\/\/www.dhrglobal.com\/wp-content\/uploads\/2023\/01\/Current-or-Prior-CISO-Chart-768x538.png 768w, https:\/\/www.dhrglobal.com\/wp-content\/uploads\/2023\/01\/Current-or-Prior-CISO-Chart-1536x1076.png 1536w, https:\/\/www.dhrglobal.com\/wp-content\/uploads\/2023\/01\/Current-or-Prior-CISO-Chart-2048x1435.png 2048w, https:\/\/www.dhrglobal.com\/wp-content\/uploads\/2023\/01\/Current-or-Prior-CISO-Chart-320x224.png 320w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><\/figure><div class=\"wp-block-media-text__content\">\n<p>We further investigated the number of CIOs and CISOs who are on boards now because of the technical nature and rapid rate of evolution for cyber risk. 
In conversations with board members, we learned about some who are considered to be cyber experts because they were technology industry executives \u2013 albeit not from technical fields. We also learned about audit committee members who don\u2019t have technical expertise and 100-page audit committee reports that had a single page devoted to cyber risk. These board members are scrambling to learn cybersecurity and cyber risk because they\u2019re perceived as the most \u201ctechnical\u201d board members. The problem is that they don\u2019t have cyber expertise.<\/p>\n\n\n\n<p>It\u2019s surprising that <strong>only seven out of the top 500 U.S. public companies have a board member who is a current CISO or previously held this title<\/strong>. One-quarter of the pool includes at least one current or prior CIO as part of the board team.<\/p>\n\n\n\n<p>Since CISOs and CIOs have comprehensive skills in cybersecurity and information technology security, we anticipate more companies will add at least one of those roles to their boards.<\/p>\n<\/div><\/div>\n\n\n\n<h2 class=\"has-green-color has-text-color\"><strong>Conclusion<\/strong><\/h2>\n\n\n\n<p>The 500 largest U.S. public companies should be leading the way in demonstrating cyber expertise on their boards, yet our research shows that even these companies may not have the required expertise to address increasing risks from cybersecurity threats.<\/p>\n\n\n\n<p>In the absence of federal oversight, companies have been left to figure out how to respond to cyber-related risks. This has resulted in a crazy patchwork of approaches and a broad range of people who have various job titles and expertise and are expected to lead the oversight of cybersecurity risk. These issues will only be compounded for smaller and mid-cap public companies that have similar resources and face cyberattacks.<\/p>\n\n\n\n<p>We\u2019ve also seen companies that don\u2019t focus fully on cybersecurity.<\/p>\n\n\n\n<p>As the Nov. 
11, 2022, Harvard Business Review article, <a href=\"https:\/\/hbr.org\/2022\/11\/is-your-board-prepared-for-new-cybersecurity-regulations\">\u201cIs Your Board Prepared for New Cybersecurity Regulations?\u201d<\/a> noted: \u201cMost organizations \u2026 focus on cyber protection rather than cyber resilience. \u2026 Resiliency is more than just protection; it\u2019s a plan for recovery and business continuation. Being resilient means you\u2019ve done as much as you can to protect and detect a cyber incident and you\u2019ve also done as much as you can to make sure you can continue to operate when an incident occurs. \u2026 The ultimate goal of a cyber-resilient organization would be zero disruption from a cyber breach.\u201d<\/p>\n\n\n\n<p>At DHR Global, we suggest that boards consider the depth of their members\u2019 cybersecurity knowledge to effectively manage risk from cyberattacks. A few of our clients have seen firsthand that when boards appoint a CISO or CIO board director who has recent, relevant industry expertise and create a cybersecurity committee to manage risk, they improve their companies\u2019 security and resiliency.<\/p>\n\n\n\n<h2 class=\"is-style-underlined has-green-color has-text-color\" id=\"meet-the-authors\">Meet the Authors<\/h2>\n\n\n<div class=\"block-cta has-image alignfull\">\n\t<div class=\"maybe-wrapper\">\n        \t\t<div class=\"img\" style=\"background-image: url('https:\/\/www.dhrglobal.com\/wp-content\/uploads\/2021\/11\/Ullrich_Kathryn_Web-731x828.jpg');\"><\/div>\n        \t\t<div class=\"left\">\n\t\t\t<h2>Kathryn Ullrich<\/h2>\t\t\t<p class=\"subheading\">Managing Partner<\/p>\t\t<\/div>\n\t\t<div class=\"right\">\n            \n\n<p>Kathryn is a Managing Partner in DHR\u2019s tech-focused Silicon Valley office, and a member of the Technology, Professional Services, Private Equity and Diversity Practices.<\/p>\n\n\n\n<div class=\"wp-block-button alignleft\"><a class=\"wp-block-button__link wp-element-button\" 
href=\"https:\/\/www.dhrglobal.com\/consultant\/kathryn-ullrich\/\" target=\"_blank\" rel=\"noreferrer noopener\">Learn More<\/a><\/div>\n\n\n        <\/div>\n\t<\/div>\n<\/div>\n\n\n\n\n\n<div class=\"block-cta has-image alignfull\">\n\t<div class=\"maybe-wrapper\">\n        \t\t<div class=\"img\" style=\"background-image: url('https:\/\/www.dhrglobal.com\/wp-content\/uploads\/2021\/10\/Smith_Heather_Web-731x828.jpg');\"><\/div>\n        \t\t<div class=\"left\">\n\t\t\t<h2>Heather Smith<\/h2>\t\t\t<p class=\"subheading\">Partner<\/p>\t\t<\/div>\n\t\t<div class=\"right\">\n            \n\n<p>As a member of the Board &amp; CEO Practice at DHR, Heather works with clients to successfully place C-level executives, chairmen, CEOs and board directors. She is based in Chicago.<\/p>\n\n\n\n<div class=\"wp-block-button alignleft\"><a class=\"wp-block-button__link wp-element-button\" href=\"https:\/\/www.dhrglobal.com\/consultant\/heather-smith\/\" target=\"_blank\" rel=\"noreferrer noopener\">Learn More<\/a><\/div>\n\n\n        <\/div>\n\t<\/div>\n<\/div>\n\n\n\n","protected":false},"excerpt":{"rendered":"<p>Executive Summary The Securities and Exchange Commission (SEC) will soon announce details regarding new levels of boardroom cyber accountability, including: How boards of directors for public companies should track and report cybersecurity risks and incidents. 
The effects of these incidents&hellip;<\/p>\n","protected":false},"author":17,"featured_media":15908,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":[],"categories":[],"tags":[46,45,151,152,43,36],"insights_type":[49],"acf":[],"_links":{"self":[{"href":"https:\/\/www.dhrglobal.com\/wp-json\/wp\/v2\/posts\/15871"}],"collection":[{"href":"https:\/\/www.dhrglobal.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.dhrglobal.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.dhrglobal.com\/wp-json\/wp\/v2\/users\/17"}],"replies":[{"embeddable":true,"href":"https:\/\/www.dhrglobal.com\/wp-json\/wp\/v2\/comments?post=15871"}],"version-history":[{"count":13,"href":"https:\/\/www.dhrglobal.com\/wp-json\/wp\/v2\/posts\/15871\/revisions"}],"predecessor-version":[{"id":22169,"href":"https:\/\/www.dhrglobal.com\/wp-json\/wp\/v2\/posts\/15871\/revisions\/22169"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.dhrglobal.com\/wp-json\/wp\/v2\/media\/15908"}],"wp:attachment":[{"href":"https:\/\/www.dhrglobal.com\/wp-json\/wp\/v2\/media?parent=15871"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.dhrglobal.com\/wp-json\/wp\/v2\/categories?post=15871"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.dhrglobal.com\/wp-json\/wp\/v2\/tags?post=15871"},{"taxonomy":"insights_type","embeddable":true,"href":"https:\/\/www.dhrglobal.com\/wp-json\/wp\/v2\/insights_type?post=15871"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}