Cybersecurity expertise creeps onto Fortune 500 boards

As Fortune 500 companies reimagine strategy, operations and culture to become digitally driven, businesses are relying on experienced technologists to serve as board members.

Last year, 17% of the 449 Fortune 500 companies that appointed new board members selected people with cybersecurity experience, according to the latest Heidrick & Struggles Board Monitor report. That's up from just 8% in 2020.

Leading the way is the financial services industry, which accelerated its shift to online banking during the COVID-19 pandemic, the report says.

The stakes are high, especially for companies in mature industries such as life insurance, jewelry, airlines and hotels. Legacy businesses need help rethinking business operations.

“We’re not Amazon or Google, [which] can afford hundreds of billions of dollars. You have to make great strategic bets. These things take a long time and they’d better work out,” Elie Maalouf, CEO of hotel giant IHG’s Americas division, said during a hospitality industry investment summit in New York City in June. 

He cited the industry’s long-overdue need for cloud-based reservations systems, which have yet to materialize.

The trend for large corporations to pick CIOs, CISOs and other tech experts dates back five to 10 years, when a small-but-growing number of boards sought to ensure their companies could address both “opportunity and threat,” said Theresa Wise, former CIO Northwest Airlines and Delta Airlines and current board member for several companies including the travel management company CWT. It’s evolved since then.

“I see more CEOs bringing tech-savvy business leaders into their inner circles, and more boards seeking strategic leaders with tech expertise and experience,” Wise told CIO Dive in an email interview.

“Their tech expertise is not their 'purpose,’ but rather it adds diversity of perspective to a board,” Wise said. “This helps them build more resilience [for] their boards to address looming cybersecurity threats, and growing regulatory, shareholder and stakeholder pressures to adopt more sustainable business practices.”

Just take into consideration the number of threats businesses are up against. Microsoft Security blocked around 10 million malware threats and nearly 36 billion phishing and other malicious emails in 2021. 

Cybercrime is expected to create about $10.5 trillion in annual costs by 2025, compared to $3 trillion a decade ago, Microsoft's Vasu Jakkal, CVP of Security, Compliance, Identity and Privacy, told CIO Dive in an email.

“These threats impact organizations everywhere, pushing cybersecurity needs to the forefront,” Jakkal said.

Other factors that Jakkal cited:

• An understaffed U.S. workforce with one in three security roles left unfilled, potentially leaving in-house defense weak.
• The pandemic-era hybrid work environment, which can create new opportunities for cybercriminals
• The switch to remote work, which similarly presents new security challenges.

“We know this firsthand,” Jakkal said. “Microsoft’s own challenge was to ensure our embrace of hybrid work was managed from a security perspective and would ultimately drive productivity and empowerment for employees.”

For technologists looking to broaden their experience on boards, the opportunities are growing across the board, said Joe Meyer, founder and CEO of tech startup ExecThread.

“We’ve seen more requirements touch on strong IT and engineering backgrounds,” said Meyer, whose company aggregates executive-level and board-role opportunities.

The number of board roles requiring tech experience have risen across all types of companies – from tech startups to large, traditionally non-tech-driven multinationals, said Meyer.

“The pandemic only accelerated this trend,” Meyer said. “Even at tech companies, it’s important to have a non-operating technology expert on your board.”

Comments are closed.