Helping companies reduce penalties and fines while avoiding data breaches is a solution many of our clients bring to their own companies. Data breaches are a massive problem companies are facing in the post-pandemic business environment. Helping organizations close the gap is less complicated than you may believe when you consider your own success managing (or mitigating) a crisis.
And because of your experience, you may be an ideal candidate for a board advisory role serving a public or private board of directors. This article explores the primary differences between a fiduciary board and an advisory board opportunity, top current issues facing organizations and my short and recent interview with the CEO of a national organization that recently experienced a massive data breach.
According to another 2021 World Economic Forum report, “corporate leaders are increasingly elevating the importance of cybersecurity to their companies.”
Here are the top five concerns based on a survey conducted in 2021:
- More complex cybersecurity challenges, including ransomware attacks and “fake news.”
- Fragmented and complex regulations across borders.
- Dependence on other parties and the ecosystem is only as strong as its weakest link.
- Lack of cybersecurity expertise, particularly in ransomware, an exacerbated threat during the pandemic.
- Difficulty tracking cyber criminals (the likelihood of detecting a cyber criminal is as low as 0.05% in the US).
If your expertise is in the growing discipline of cyber security, computer security, information technology, and data protection—helping your board remain safe from information disclosure, theft of or damage to hardware, software, or electronic data, and from the disruption or misdirection of services they provide, your expertise may be highly marketable.
Whether your experience is in the technology side or the policy side, that experience is extremely valuable.
Many CEOs and other CXOs have operational expertise that we have positioned for boards of directors needing to reduce risk and fortify their business strategy and business continuity plans. Whether you’re seeking a fiduciary board seat or an advisory board seat, your expertise can help an organization and its customers protect their digital assets, remain compliant, protect the company brand, and keep customers (and regulators) happy.
An advisory board role can also serve as a roadmap to a fiduciary board opportunity and is an important component of your career plan. Explore the key differences between an advisory board opportunity and a fiduciary board opportunity here.
Fiduciary boards require a foundational knowledge in corporate governance practices while advisory boards are typically created to advise the organization on a specific project or a specific topic. If board service is in your career plan, think about leveraging your industry expertise as an advisory board member.
According to the same study by the World Economic Forum, information security was the most important aspect of technology initiatives and 44.7% of respondents indicated information security is the most important objective.
Lack of visibility is often the biggest barrier to entry for CEOs who aspire to serve on a board of directors. Business technology executives sometimes discount their experience as too junior, too specialized, or irrelevant for board service.
However, this is not the case.
Take Victoria, for example. Victoria is a Chief Product Officer with experience in artificial intelligence (AI), machine learning (ML), block chain, and cloud systems with a track record for scaling businesses from zero to $148M+ in annual recurring revenues in less than 37 months. Victoria’s current and relevant experience in real-world technology issues ensures her skills and insights are in demand.
Corporate Governance Knowledge
Victoria doesn’t have a board certification, which has not stood in her way of serving on advisory boards for Fortune 100 companies for organizations with $42B+ in revenues. Victoria’s strategy is very simple. Although she doesn’t have a director certification, she is well versed in corporate governance issues. Director certification ensures the board candidate is trained in governance models, including the role of board committees, legal issues, executive compensation, audit issues, regulatory compliance, and risk mitigation. It doesn’t replace real world experience.
Without key messaging and a targeted audience to share the messaging with, Victoria would not have catapulted her career to the top of her industry. She understands that she must work on her career (marketing) as well as working in her career (expertise).
Raise your visibility with board-level and CEO decision-makers
Victoria is always available to lend a hand, to advise the CEO, the board, customers, vendors, and employees and although there is no formal job description for doing so, she knows that “out of sight is out of mind”. She remains visible to key decision-makers and because of her willingness to share her knowledge, she is trusted among the top echelon of every organization she’s served.
Victoria is an expert at raising her visibility and this is how she did it. Consider this approach an extended networking strategy.
Governance, Risk, & Compliance (GRC) Function
Establishing the foundational tools and processes for ensuring regulatory and internal security policy compliance are keys to keeping an organization’s assets safe.
You’re likely familiar with the following example and this is how you can lend your expertise to a board.
CEO of a national Canadian organization weighs in on her experience with a major data breach in early 2021
As the CEO of a national organization, Aveling’s board experienced a major data breach in 2021 involving the deliberate exposure of key internal documents and intellectual property that exposed confidential (and controversial) information.
We spoke recently about her experience in preparation for this article, and here is our conversation:
Maureen: “Aveling, what would you have done differently to protect your organization from exposure?”
Aveling: “Our board of directors was ill prepared for the breach. Specifically, they didn’t understand their accountability regarding how governance data, information, and communications are shared externally. The intentionality of the breach was difficult for everyone in the organization to accept.”
Maureen: “What practices have you implemented?”
Aveling: “We now ensure directors are fully trained during their onboarding process, as well as undergoing a quarterly review of information management policies. We also ensure that each member of the board has a unique user ID for the technology we provide for them with strict VPN access because of the sensitive nature of the work we undertake and products we produce. Our organization previously was largely paper based with weak security controls outside of our production process.
Now when we access key documents in our board database, each impression is watermarked so we know who has access the information with date and time stamp. Our documentation and its access by employees and the board is far more controlled than in the past.
In addition, we were complacent. We had hired a third-party board management company who was engaged to protect our critical information. When the crisis occurred, the third-party company was unable to assist us. They were not able to determine the date, time, or the user ID of the employee who leaked the information. This was intensely disappointing, and we now have a crisis management team who conduct strict due diligence on all third-party vendors to ensure our organization is not exposed.
We terminated the vendor and took complete control of our plan.”
Here is her new risk mitigation plan:
“Although the cost to implement such a robust plan is significant, the opportunity costs of not doing so far outweigh the investment. We owe our customers our brand promise of quality products and services.”
From a career standpoint, the CEO is now positioned to advise other organizations based on her experience over the last 18 months.
At Westgate we help business leaders raise their visibility by creating branded portfolios and case studies that open doors. With powerful signature stories, you demonstrate your value proposition (your unique promise of value) to boards of directors for companies on your targeted list.