Cybersecurity

Board Members Can No Longer Ignore Cybersecurity 

Illustration of masked thief peeking through keyhole on laptop screen.

By Mick Cobb 

Cybersecurity is no longer optional for board members. Today’s boardroom is a perfect target for hackers. It’s home to the most important decision-makers in the company.  A data breach involving confidential board information can devastate an organization’s reputation and cost millions in incident response, recovery, ransoms or litigation.

Given the sensitivity and value of information that boards of directors typically possess, the potential damage of a hack into board deliberations is usually much worse than a data breach by a lower-level employee.

Search less. Close more.

Grow your revenue with all-in-one prospecting solutions powered by the leader in private-company data.

Yet, for many companies, cybersecurity for the board of directors is not given the same attention. To improve cybersecurity within organizations, board members should be held to the same standards as employees.

Costly consequences

Data breaches have costly consequences, including reputational damage, loss of customers, legal fees and regulatory penalties. According to an IBM Security Report, the average data breach in the U.S. costs more than $9 million. The cost can be higher for organizations in highly regulated industries such as health care.

Some 89% of board directors, administrators and staff members see cybersecurity as vital to their organizations’ success, and according to a recent IDG Communications report, 57% of CIOs see a need for security improvements.

Data breaches and cybersecurity attacks are not the only risks to boards. They also face threats from unforeseen and accidental leaks, which are embarrassing and can severely impact a company’s operations and bottom line.

Mick Cobb, CTO of OnBoard

Board directors’ personal and board email accounts are subject to discovery in litigation as well. When board members join an organization, they sign a contract agreeing to abide by security standards. If they fail to adhere to these standards, they open themselves up to personal liability, even if they only accidentally facilitated a leak or hack of board information.

The solution

What, then, can be done? To start, organizations should invest in solid cybersecurity infrastructures and provide training to board members on how to use them.

Secondly, make sure directors have appropriate security permissions. Not everyone on the board needs to have the same access to information. If there’s a conflict of interest—often a required disclosure in many industries and states—it’s best to limit some board members’ access to avoid potential issues.

Third, to protect a board’s communications from phishing attacks and other cyber threats, it is essential to use a secure communications platform that offers notification systems to let directors know they have messages waiting. This way, sensitive information is never transmitted insecurely.

Fourth, all board materials should be digitally managed via a secure platform. This is especially important for sensitive information that should not be stored in places like Google Drive or Dropbox.

Fifth, protect meeting minutes, the official record of a board meeting. If they fall into the wrong hands, confidential information could be exposed, damaging a company’s reputation. For this reason, it is essential to distribute minutes only to directors and to use a secure method. Google Drive or links sent via personal emails are not secure enough and should be avoided.

Sixth, chances are directors have sensitive information stored on their laptops, desktops or mobile phones. A board portal can help manage these devices, keeping them secure and, if lost or stolen, allow the data to be securely wiped.

Seventh, have a board that is cyber literate. Boards are usually composed of domain experts who know the ins and outs of their field. However, today’s boards look for those with cybersecurity knowledge. This ensures that your company is compliant with regulations and can implement the necessary suggestions to keep data safe.

Finally, be prepared. CIOs and IT teams should be given the resources and budgets to meet or exceed cybersecurity best practices. This includes regular security training for employees and directors.

By taking these steps, boards can ensure the smooth operation of their organization and the safety of their confidential information.


Mick Cobb is CTO of OnBoard, a secure board management platform, and is a leader in software development, IT service delivery, enterprise architecture and data security. Cobb holds an MBA from the Massachusetts Institute of Technology. OnBoard serves as the board intelligence platform for more than 3,000 organizations and their 12,000 boards and committees in 32 countries worldwide.

Illustration: Dom Guzman

Stay up to date with recent funding rounds, acquisitions, and more with the Crunchbase Daily.

Copy link