The impact of a cyber attack can be devastating to a business.  Even if your firm has a competent Chief Information Security Officer (CISO), who is watching them?  Rarely does the Board of Directors (BoD) have sufficient knowledge to ensure the security program is delivering an appropriate level of security that properly balances the company’s risk tolerance with adequate protection. 

  • According to a 2022 study by IBM, the average cost of a data breach in the U.S. was $9.44 million. This cost includes direct costs such as investigation, remediation, and legal fees, as well as indirect costs such as lost revenue and reputational damage.
  • The FBI’s 2022 Cyber Crime Report found that the financial impact of cybercrime has dramatically increased from $6.9B in 2021 to $10.3B in 2022.  
  • In March 2022, the SEC proposed a mandatory cybersecurity disclosure to be added to Form 8-K as Item 1.05, requiring any material cybersecurity incident to be disclosed within four days of its discovery.
  • As of March 2023, the SEC has also started taking cyber vulnerabilities much more seriously than it has in the past. It recently fined Blackbaud, a South Carolina tech company, $3 million for making “misleading disclosures” about a 2020 ransomware attack.
  • 73% of customers would consider leaving a company after a data breach.

Do you have a cyber security advisor or expert on your Board of Directors? 

Here’s why you should.

The criticality of protecting a company’s digital assets and reputation elevates the need for oversight.  Public companies can significantly benefit from hiring an experienced cybersecurity board advisor to oversee and evaluate the security program and its leadership. Just as the Board of Directors provides financial and operational oversight, it should also provide risk and security oversight.

The trend of hiring cyber experts onto the BoD is on the rise, as shown in the 2022 Audit Committee Transparency Barometer survey, but most BoDs still lack the expertise to oversee this critical area of risk.

5 Reasons to Hire an Experienced Cybersecurity Advisor as a Board Member

1. Provide strategic direction and oversight

An experienced cybersecurity advisor as a board member can help public companies develop a comprehensive cybersecurity strategy that aligns with the company’s overall business strategy. They can also provide oversight to ensure that the company’s cybersecurity measures are effective and in line with industry best practices. According to a report by the National Association of Corporate Directors (NACD), “the board’s role in cybersecurity governance includes ensuring that the company has an effective cybersecurity program in place and providing oversight of management’s efforts to manage cyber risk.”

2. Define the Appropriate Level of Risk Tolerance

Every business has a different appetite for risk. Aligning the cost of a cybersecurity program with the firm’s risk tolerance is a delicate balance. An advisor can oversee the effectiveness of the company’s cybersecurity practices, such as regulatory compliance, vulnerability assessments, penetration testing, and employee training programs to assure they align with the desires of the BoD.

3. Increase stakeholder confidence

Cybersecurity breaches can significantly impact a company’s reputation and financial performance. When a company suffers a data breach, stakeholders, including customers, investors, and employees, may lose confidence in the company’s ability to protect its data. Hiring an experienced cybersecurity advisor as a board member can help increase stakeholder confidence in the company’s cybersecurity measures.

4. Improved decision-making

By having an experienced cybersecurity advisor on the board, the company can make better-informed decisions regarding cybersecurity matters. The cybersecurity advisor can provide the board with valuable insights into the current threat landscape and help the board understand the potential impact of cyber-attacks on the company’s operations and reputation. This can help the board make informed decisions regarding the allocation of resources toward cybersecurity measures.

5. Reduced cyber risk

An experienced cybersecurity advisor can help the company identify and address potential cybersecurity risks, reducing the likelihood of a cyber-attack. An advisor can be a welcomed sounding board for the security leader to ensure they are implementing cybersecurity best practices and staying ahead of emerging threats. The partnering between the advisor and security leader can accelerate improvements in the firm’s cybersecurity posture and reduce the risk of a data breach. 

The security advisor can improve the strategy, confidence, and reputation of both the security program and the firm. This can result in significant cost savings through breach avoidance, and it lets the BoD sleep better at night knowing that vital employee, product, and client data is properly protected.

Identifying a board-level security advisor is challenging.  Fortify Experts hosts CISO Forums and works with security advisors every day.  Download our new ebook on How to Hire a Great CISO.

Learn how to hire a great CISO with our Insider’s Guide.


About Tim Howard

Tim Howard is the founder of 4 technology firms including Fortify Experts, which helps companies hire the Best Cyber Talent on the Planet as well as providing expert consulting and NIST-based security assessments.

In addition, he has a passion for helping CISOs develop higher-performing teams through coaching, creating topic-rich CISO Forums, and by helping them create highly-effective team cultures.

He also teamed up with Lyndrel Downs to launch to help promote the most influential women in cybersecurity and provide a mentoring program to help encourage and support more diversity within the cybersecurity industry.

Tim has been leading technology staffing teams for over 20 years and has degrees from Texas A&M University in Industrial Distribution and Marketing.  