Digital Directors Are More Important Now Than Ever
Listen to Episode 28 on Apple Podcasts
Guest: Bob Zukis, CEO and founder of the Digital Directors Network and a professor at the USC Marshall School of Business
Hosts: Dottie Schindlinger, Executive Director of the Diligent Institute, and Meghan Day, Senior Director of Board Member Experience for Diligent Corporation
In this episode:
- What’s the current state of cyber preparedness? Boards are aware of cyber risk and talking about it. The next step is transformative action—and COVID-19 might be the catalyst to make it happen.
- What’s holding boards back? According to Zukis, a lack of understanding of the systemic nature of risk and the multifaceted nature of digital expertise.
- What steps can boards take right now? Create a committee dedicated to cybersecurity and risk, Zukis advises, and take advantage of available resources.
Why Boards Need More Digital Directors:
One “business” that’s thriving during the COVID-19 pandemic is cybercrime. Technology website Engadget reports that “instances of cybercrime appear to have jumped by as much as 300 percent since the beginning of the coronavirus pandemic, according to the FBI.”
“Cybercriminals are unbelievably well organized and unbelievably opportunistic,” says Bob Zukis, CEO and founder of the Digital Directors Network and a professor at the USC Marshall School of Business. “They find the weak link—that’s what they do, that’s their job.”
In this episode, podcast co-hosts Dottie Schindlinger, Executive Director of the Diligent Institute, and Meghan Day, Diligent Corporation Senior Director of Board Member Experience, talk to Zukis about where boards stand in terms of preparedness, and how “digital directors” can help.
A board member with the NACD Pacific Southwest chapter and a Senior Fellow at The Conference Board’s Governance Center, Zukis is a leading advocate for digital diversity in the corporate boardroom. As a PwC Advisory partner and member of PwC’s global and APAC leadership teams, he lived and worked on the front lines of globalization across four continents and twenty countries.
What’s the current state of cyber preparedness?
Zukis cites “a cybersecurity leadership crisis in companies all around the world in the boardroom”: They need to move from awareness of cyber risk to action. Boards need more “digital directors.”
“Directors are talking about cybersecurity, so they know this is an issue,” he says. “The awareness levels are there, the conversations are happening, but what boards are not doing enough of, in my opinion, is really taking transformative steps toward dealing with the problem.”
COVID-19 could be the catalyst that elevates digital expertise on boards, just as the Sarbanes-Oxley Act 18 years ago was the catalyst for making financial expertise a board standard.
The ultimate crisis facing a lot of companies right now is business continuity, Zukis explains. “You had that before with digital and cybersecurity risk, but now the risk vector and threat are coming from a different perspective. For the CIO and CISO, this is a leadership moment to step into this problem and talk about business continuity.”
“This is a leadership moment for talking about business continuity: what’s happening with the workforce, with suppliers, and how technology can play a role in sustaining the organization.”
– Bob Zukis, CEO and founder of the Digital Directors Network and a professor at the USC Marshall School of Business
What’s holding boards back? Not having enough digital directors.
What’s the biggest barrier in this transition? In a word, says Zukis, understanding.
As the role of the CIO and CISO has increased dramatically in the boardroom, approaches to digital understanding have often stalled, say, with checklists of “10 things directors should be asking about digital transformation” or “10 questions directors should be asking about cybersecurity risk.”
“Those questions are useless if you don’t understand the answers,” Zukis says. “Having directors who can conceptualize and comprehend these issues is the first leg of solving the problem.”
Such comprehension requires boards to acknowledge the “very diverse set of competencies in the digital domain,” he says. “It’s just not cybersecurity. There are data issues, architecture issues, risk communications issues, and issues around third-party exposure and regulations.”
Directors must also learn to look at risk systemically, he adds, rather than view cybersecurity as a component of enterprise risk, which is the traditional board perspective.
“Digital isn’t just one thing. It’s a collection of several very complicated demands, and all of those domains need to be represented and embodied within the board.”
– Bob Zukis, CEO and founder of the Digital Directors Network and a professor at the USC Marshall School of Business
What steps can boards take now?
One action is creating a dedicated committee for technology and cybersecurity, which companies from FedEx to Target have done (frequently in the aftermath of a breach) and which the Digital Directors Network recommends.
Too often, says Zukis, cybersecurity and risk fall to the audit committee.
“I think the audit committee is the absolute worst place for any company to put cybersecurity and risk oversight,” he says. “For one reason, that committee is unbelievably busy in terms of their workload, so cybersecurity tends to get thrown in as an afterthought.”
Another step is for board members to become “digital directors” through resources from organizations such as the National Association of Corporate Directors, The Conference Board, and the National Institute of Standards (NIST). Zukis also recommends resources developed by the Digital Directors Network including the DIRECTOR™ framework, which identifies the eight domains that comprise any complex digital business system, from data to risk communications to third-party issues, operations, and regulations.
“The NIST cybersecurity framework isn’t really a governance framework, but I think directors have to understand the challenges their cybersecurity professionals have to deal with day in and day out.”
– Bob Zukis, CEO and founder of the Digital Directors Network and a professor at the USC Marshall School of Business
Also in this episode…
Zukis talks about the “pit bulls and cocker spaniels” of Warren Buffett’s annual letter—one of his stay-at-home reading recommendations—and the “Digital Riskopoly” board game he’s created with the Digital Directors Network, which combines his lifelong passion for cartooning with his current work in governance.