It seems as if every day one or two (or more) advisories come across my screen on board oversight of cyber risks. Just as I sit down to pen this note I download the latest newsletter of a good colleague and past author, IR expert Carl Hagberg, who headlines his lead story, “Cybersecurity Soars to the Top of Board Agendas” [The Shareholder Service Optimizer, Third Quarter 2014]. Webinars, roundtable discussions, and conferences abound on this topic.
Attention to cybersecurity is not misplaced. As PwC's recently released Investor Survey on Governance notes: “Risk remains a big topic of concern for investors, and they aren't happy with the information available to them about a number of risk topics. Most striking, almost 40% of investors don't think that boards really understand emerging risks that can affect the company.”
For this edition, Directors & Boards turned to two well-placed cybersecurity authorities for their guidance on navigating the risky road ahead. John Chen, chairman and CEO of BlackBerry, has identified what he calls “the next major risk management challenge” (which is exactly how we titled his cover-story article, page 18). That risk is enterprise mobility. Mobile devices, which are transforming the business landscape, are seen as “the weakest link in an enterprise security framework,” he writes. He offers counsel on how boards can move “from awareness to action” in dealing with this oversight challenge.
And right from a director's seat inside the boardroom comes Patricia Oelrich's reflections on how the board of Pepco Holdings addresses its cybersecurity risk management duties. This includes doing a “tabletop exercise”: “To demonstrate the complexities of incident response we walked through the events that would take place within the first 24 hours of a security event.” This is an initiative she recommends for the benefits it yields to the board, amply explained in her important article on page 22.
Moving boards from awareness to action is what we aim to achieve with the articles and authors that we publish. In addition to these two sound briefings on cyber risk oversight, we offer in this Fourth Quarter edition several more action-oriented advisories.
As crucial as cybersecurity is, you still have to put CEO selection right at the top of a board's responsibilities. You can't get much more action-filled than Noel Tichy's article, “Succeeding at Succession: Do This, Don't Do That” (page 25). The board of directors can do more to foster innovation in the corporation, which Beverly Behan and Tracy Warren both address in their articles (pages 29-31). Our close colleagues at Heidrick & Struggles tee up a set of recommendations on dealing with activist shareholders; it is one of the most balanced analyses you will find on this angst-ridden topic (page 43). George Isaac returns to our pages with a heads up to boards about the difference between business wealth creation and shareholder value ‘realization' (page 37). And one of our most provocative thinkers on board effectiveness, Allan Grafman, along with his co-author Idalene Kesner, lays out a worthy proposal for board member sabbaticals (page 64).
So take action: Turn the pages to enjoy the rich material inside this issue.