IANS Research, Artico Search, and The CAP Group has released a new research-based publication, ‘CISO as Board Directors - CISO Board Readiness Analysis’, which evaluates the qualifications of chief information security officers (CISOs) across the Russell 1000 Index against five key traits of credible candidates for cyber expert board positions. The study found that just 14 percent of R1000 CISOs stand out as potential board director candidates.
New SEC rule changes are expected to require public companies to formally disclose the cyber security expertise of the board. On most boards, cyber understanding is insufficient: recent research by The CAP Group revealed that 90 percent of Russell 3000 companies lack a single board director with cyber security expertise, illustrating a ‘significant cyber expert supply-side gap’.
“In light of the proposed SEC rule changes, boards will need to identify candidates with cyber security expertise, and it makes sense that they will look to CISOs to fill this gap,” said Phil Gardner, CEO of IANS Research. “However, only a small fraction of CISOs are strong candidates for boards today.”
The CISO Board Readiness report identifies key traits of credible board candidates, analyzes CISO board readiness, and provides recommendations for companies considering CISOs for board roles. To determine the essential Board traits of a cyber board director, the research team examined the profiles of CISOs who currently hold corporate directorships. The analysis identified five overarching traits:
- Infosec tenure
- Cross-functional expertise
- Ability to scale
- Advanced education
“Technology and cyber security expertise alone are insufficient for board directorships,” stated Brian Walker, CEO and cyber board advisor at The CAP Group. “Board directors operate at a strategic level and in most boards, there is no room for ‘one-trick ponies” since adding a new director for every complex domain of expertise isn’t scalable.”
Other key findings include:
- Approximately 6 percent of R1000 CISOs have first-hand corporate board director experience.
- Another 14 percent of R1000 CISOs represent a strong candidate pool for board service.
- In all, roughly half of R1000 CISOs might be viable candidates for joining boards.
- Half of the viable CISO candidates are female or from an underrepresented group, providing an opportunity to add diversity and cyber expertise in a single candidate.
“The transition from executive leadership to board directorship is profound, and many struggle to adapt. Both boards and CISOs would benefit from aligning on expectations for a board-ready cyber expert,” stated Steve Martano, a partner and executive recruiter in Artico Search’s cyber practice.