In light of the proposed SEC rule changes, boards will need to identify candidates with cybersecurity expertise, according to Phil Gardner, CEO of IANS Research.
“It makes sense that they will look to Chief Information Security Officers (CISOs) to fill this gap, however, only a small fraction of CISOs are strong candidates for boards today,” he said.
According to a collaborative research study from IANS Research, Artico Search and The CAP Group, only 14% of CISOs stand out as potential board director candidates.
The study – ‘CISO as Board Directors – CISO Board Readiness Analysis’, evaluated the qualifications of CISOs across the Russell 1000 Index (R1000 [top 1000 US public companies by market capitalization]) against five key traits of credible candidates for cyber expert board positions.
According to the findings, in all, roughly half of R1000 CISOs might be viable candidates for joining boards.
In addition, half of the viable CISO candidates are female or from an underrepresented group, providing an opportunity to add diversity and cyber expertise in a single candidate.
New SEC rule changes are expected to require public companies to formally disclose the cybersecurity expertise of the board.
On most boards, cyber understanding is insufficient, with recent research revealing that most companies lack even a single board director with cybersecurity expertise.
Recent research by The CAP Group revealed that 90% of Russell 3000 companies lack a single board director with cybersecurity expertise, illustrating a significant cyber expert supply-side gap.
Gardner said that IANS Research has partnered with Artico Search and The CAP Group to equip both boards and CISOs with valuable insights and recommendations to close the cyber expert supply-side gap.
The CISO Board Readiness report identifies key traits of credible board candidates, analyzes CISO board readiness, and provides recommendations for companies considering CISOs for board roles.
To determine the essential Board traits of a Cyber Board Director, the research team examined the profiles of CISOs who currently hold corporate directorships.
The analysis identified five overarching traits: Infosec Tenure; Cross-functional Expertise; Ability to Scale; Advanced Education; and Diversity.
“Technology and cybersecurity expertise alone are insufficient for board directorships,” said Brian Walker, CEO and cyber board advisor at The CAP Group.
“Board directors operate at a strategic level and in most boards, there is no room for ‘one-trick ponies’ since adding a new director for every complex domain of expertise isn’t scalable,” he added.
“The transition from executive leadership to board directorship is profound, and many struggle to adapt. Both boards and CISOs would benefit from aligning on expectations for a board-ready cyber expert,” commented Steve Martano, a partner and executive recruiter in Artico Search’s cyber practice.