Cybersecurity and climate risk: Does your board need an expert?

Aug 24, 2022

As they have been for decades, corporate directors are expected to play a key role in a company’s oversight and governance. However, as these board members know all too well, their critical function encompasses additional issues each year. This is a challenging time for corporate directors as they seek strategic understanding of all the various matters for which they are responsible.

This spring, the US Securities and Exchange Commission (SEC) released proposed rules regarding cybersecurity and climate-related disclosures. Both proposals would require disclosures about the registrant’s governance, including the board’s oversight of these issues. If finalized as proposed, such disclosures would be required to address, among other matters, whether any board members or committees are responsible for such oversight and whether any board member has expertise in climate-related risks.

One reaction could be to concentrate on what the board needs to properly address these disclosures. But although such disclosures are important, they should not drive the board dynamics that are best for the long-term interests of the corporation.

When thinking about new and existing board responsibilities, consider stepping back and looking at the big picture. It may be best to “divide and conquer” the widening areas of responsibility by regrouping, potentially by forming separate board committees or subcommittees to oversee climate and other environmental, social, and governance (ESG) matters, cybersecurity, and even risk management generally. Each committee can stay up to date and well informed regarding developments and risks within its area of focus, and can decide what type and level of expertise it needs.

Given how investors across the spectrum have developed a keen interest in board composition and director skill sets, the focus on board expertise is real. And the need for the appropriate expertise in areas of high risk, such as cybersecurity, is top of mind for all boards. There are two paths a board may take to address the need for expertise related to new issues that come under its purview.

The first, obviously, is to look for a board member who embodies the expertise needed for oversight of a particular matter. This approach may seem appropriate in theory, but it can be more difficult than it sounds to attract an individual who is an expert in a particular field and not too narrowly focused on just that. Directors are responsible for a wide range of complex matters, so if a new board candidate has cyber-risk expertise and is well-rounded and otherwise qualified, that’s great. But if that candidate is one-dimensional, that could result in fewer insights around the board table on myriad other matters.

Proactive, thoughtful, and informed board oversight does not necessarily mean the boardroom has to be filled with experts. Because directors need to understand what they are overseeing and think outside the box, an effective board takes a thoughtful approach to director selection, considering core requirements, the attributes of existing members, and the diversity sought in new members, among other factors.

Therefore, a second, sometimes more practical path to resolving the ever-widening need for board expertise is to use qualified outside advisors. Doing so allows the board to focus on what candidates can contribute to board discussions holistically through their various strengths, industry and educational experiences, and risk appetites. It also allows the board to find the “best of the best” advisors on narrow topics.

An effective approach to the ever-expanding board agenda is to think broadly about members’ diverse competencies for fulfilling their legal, ethical, fiduciary, and financial responsibilities—and then to think very narrowly about experts that are integral to the process, but that can come from within or outside of the boardroom, as appropriate.

Republished with permission from NACD Directorship summer edition.
