In the wise words of Professor Lynn Sharp Paine, former Senior Associate Dean at Harvard Business School, the primary role of a board is to ensure that a company operates within the "Zone of Sustainability" – a vital nexus of legal, economic, and ethical sustainability. In our rapidly evolving digital world, a key challenge to this zone is cybersecurity.
Why Should Directors Care?
- The Magnitude of Cyber Threats: As emphasized by the World Economic Forum (WEF), cyber risk ranks just below climate change among global threats. The distinguishing factor? The impact of cyber threats is immediate and potentially catastrophic.
- Substantial Organizational Impact: Cyber attacks can inflict significant financial losses, tarnish reputation, and bring legal repercussions. This reality necessitates a heightened focus on cybersecurity from a governance perspective.
- Increased Director Liabilities: The European Union is ramping up cybersecurity regulations, expanding their scope and accelerating their pace. This change escalates the explicit liabilities for directors, underlining the general duty of care required in their roles.
- Widespread Underestimation of Risks: Particularly in non-regulated industries, there is a notable underestimation of the risks and opportunities presented by cybersecurity. This lack of awareness and preparedness not only affects immediate stakeholders but also poses broader societal challenges, potentially hindering the progress of digitization.
This complex landscape significantly impacts individual directors. It calls for an informed and proactive approach to integrating cybersecurity into the governance framework. This is not just a technical challenge; it's a strategic imperative. By addressing cybersecurity effectively, we safeguard our organizations and contribute to a more secure, resilient digital society.
As Chair of the GUBERNA Sounding Board Committee, I urge my fellow board directors to recognize the critical importance of cybersecurity. Let's commit to making informed decisions that enhance our organizations' resilience and advance the collective digital security of our society.