Interconnectivity is a maze of opportunity that is also fraught with both seen and unseen risks. The web of threats and rewards is an equally challenging playing field for cyber-attackers, whose tricks and tactics are getting smarter and more sophisticated.
Managing cybersecurity risk demands a tech-savvy board of directors that gives a high priority to overseeing cybersecurity matters. A director of IT does double duty on the board, serving as a director at large while also taking the lead on all IT-related issues.
Director of IT Has the Same Duties and Responsibilities as Every Other Board Director
While it’s important for a director of IT to take the lead in all things technology-related, this person can’t afford to be lax in other areas of board duties and responsibilities. The director of IT must be a person of strong ethical character who takes their fiduciary duties seriously. The person who fills the role of IT director is as committed to the company’s mission and vision as their fellow board directors are.
Along with fellow board members, the director of IT participates in selecting the executive director or CEO, setting the salary for the position and completing the annual CEO performance review. This director serves on at least one committee and provides input on the budget, particularly in the area of cybersecurity. Regular board duties give oversight and strategic planning top priority. The IT director has special expertise and insight as to how cybersecurity fits into overall board duties.
How Does Having an IT Director Benefit a Board of Directors?
A qualified IT director is a valuable asset because the person who fills this role helps the board with its duties of oversight and planning, and also stands as a liaison with managers in implementing cybersecurity plans to protect the company and its shareholders.
How Having an IT Director Helps the Board
The IT director is an instrumental person on the board who accepts the primary responsibility for cybersecurity issues. Boards need a technological expert who stays up-to-date and informed on cyber trends.
Part of this responsibility requires helping the board to see cybersecurity as an enterprise-wide risk issue that has the potential for a major negative impact on the company, and not just as an important board topic. From a financial standpoint, the IT director helps to analyze the assets that the company could lose during a breach.
The IT director makes sure that the board dedicates enough time on the agenda to cybersecurity issues. Typically, the IT director gives the board a briefing on cybersecurity issues at least quarterly. Within the spirit of educating the board, the IT director may occasionally bring in third-party experts, advisors, law firms, audit firms or communications firms to help educate board members. Such meetings should help the rest of the board to better understand technological issues, risks and preparedness. Boards that are appropriately informed about cybersecurity issues will be able to make better decisions about the amount of money that they need to allocate for it in the budget so that it’s adequately funded.
An IT director will be able to review the company’s cybersecurity insurance policy and make sure it provides enough liability coverage to protect the company’s assets. As an expert in the field, the IT director guides the rest of the board on creating appropriate cybersecurity policies and procedures. The IT director anticipates changes around cybersecurity issues and updates the board on new security strategies and challenges as information becomes available.
Companies are starting to move in the direction of delegating cybersecurity issues to a standing technology committee. In this case, it makes obvious sense that the IT director would chair this committee.
How Having an IT Director Helps Senior-Level Managers
While it’s ultra-important that board members be able to make strategic decisions around cybersecurity issues, the IT director also stands as a liaison and niche expert with senior-level managers. Senior managers who fail to implement the board’s plans for cybersecurity may cost the company large sums of money, legal fees and lost time in production. More importantly, lax cybersecurity could cost the company customers and weaken its brand.
Managers rely on IT experts to advise them on setting goals and making plans for implementing the board’s decisions. This requires continually searching for and identifying risks from the normal channels and through third parties. The IT director works with managers to analyze challenges and work toward overcoming them. In addition, managers have much to gain from an IT director who has adequate knowledge of cybersecurity issues to inform the board about the need for adequate staffing and budgets for cybersecurity.
In the event of a breach, managers will be the frontline people to respond. An IT director can help managers create a rapid-response team to mitigate damage and communicate with the board. The IT director usually helps managers to set up a simulation or dry run of a breach, so they can practice their response and learn from it.
Corporations Moving in the Direction of Recruiting IT Directors
Boards of directors are recognizing the need to have cybersecurity and technological experts around the board table, which is creating a trend for recruiting board directors with technological expertise. IT board directors need the basic skills and abilities of board directors along with their niche expertise.
Many corporations are finding IT board directors out of a pool of former CISOs and CSOs. These individuals have experience in information and communications. Those who also have some background or experience in technical issues tend to make viable candidates for an IT board director position. Board candidates with military or intelligence backgrounds are also worthy candidates for IT director. Individuals under consideration may also have other qualifications, such as financial knowledge and sophistication, global experience and diversity.
Companies that appointed IT directors for their boards include AIG, Blackberry, CMS Energy, GM, Wells Fargo, Delta Air Lines and Ecolab. Axom and Parsons Corporation appointed women IT directors to their boards, which speaks to their commitment to diversity.
Having an IT director on the board is a valuable asset in today’s risky marketplace; however, boards need to be aware that such an appointment doesn’t relieve them of their duties with respect to cybersecurity oversight.