Balancing profit and loss with cybersecurity expertise

November 23, 2023

Fabrice Houdart

This post is a guest-authored commentary piece discussing the findings of  Diligent Institute and NightDragon report, State of Cyber Awareness in the Boardroom.  This is the third blog in a series of global commentary pieces analyzing how the results on boardroom cyber awareness compare to other regions of the world.

Our partner Diligent Institute recently published a report highlighting that an increasing number of boards are seeking to incorporate cyber expertise within their ranks or bolster the education of existing board members on this topic as there is a severe lack of directors with cyber backgrounds in their boardrooms.  

While a preference for profit and loss experience remains, technical expertise such as cybersecurity is gaining traction in the boardroom 

It’s part of a broader trend in professionalizing and diversifying US Corporate Boards. Boards’ nomination and governance committees increasingly employ a skills matrix to visualize the current board composition and think through succession planning. 

This is precisely why the LGBTQ+ Corporate Directors is dedicated to showcasing LGBTQ+ talent who may not be on the board’s radar. By highlighting the skills of its members rather than their sexual orientation or gender identity, the association helps bridge the skills gap in boardrooms and promotes diversity in corporate governance. In 2022, key LGBTQ+ appointments such as Myrna Soto (Vectra) or Tysen Atticus (Norstrom) had specific cybersecurity expertise.  

A 2019 study by INSEAD Isabelle Solal and Kaisa Snellman showed that investors reacted negatively to the appointment of female Board members, highlighting an unfortunate bias toward male board members or at least a suspicion that the selection of “diverse board members” signals a change of priority in the company. Shifting the diversity discourse away from dimensions of diversity, such as gender, race, or LGBTQ+ status, to other dimensions of expertise has helped underrepresented groups while mitigating investors’ penalties. 

Boards continue to prefer candidates who possess profit and loss experience and have some prior governance experience. Companies believe executives managing profit and loss responsibilities have the most valuable insights. The underlying assumption is that boards can always access technical expertise from consultants and specialists. However, they often don’t, leading to blind spots in the boardroom. 

Recognizing the importance of technical expertise, including cybersecurity the topic of a recent webinar from the Association -  or even social justice is gaining momentum. MIT research (Research brief, NO. XIX-1 PUBLISHED: JAN 17, 2019) concluded that for companies with more than $1 billion in revenue, those with digitally savvy boards have at least 34% higher performance on revenue growth, market cap growth, and return on assets. We know diverse teams also improve productivity, so adding qualified and various cyber-savvy directors will result in the right discussions taking place on cyber and digital risks that businesses face, and the Board will be better placed to govern and oversee management’s approach to this ever-evolving set of business risks.  

In our discussions with board chairs and directors this year, they emphasized the need for a diverse set of skills on boards to ensure the company’s success in the coming decades. This represents a shift in mindset from the previous requirements, such as financial skills, extensive enterprise experience, business connections, compliance expertise, and industry-specific knowledge. Recently, the Association was part of a search for “a Fortune 100 CEO, or an Administration official at the secretary level”; very few LGBTQ+ people fit that criterion for apparent reasons linked to the level of discrimination LGBTQ+ people of that generation experienced. Three individuals fit that criteria, one currently employed by the Asdminitaruoin. Yet, if the search had focused on “T-shaped thinking,” where every board member has a broad understanding of various issues and deep expertise in specific key areas, the Association would have had many profiles to suggest. 

Overall, the evolving focus on technical expertise alongside profit and loss experience reflects the recognition that homogeneity on Boards is a liability and the need for boards to adapt to emerging challenges, such as cybersecurity oversight. This trend emphasizes the importance of a well-rounded board, where diverse skills and perspectives come together to drive effective decision-making and governance.  

 In a fraught political context, Diligent Institute reminds us that acquiring diverse expertise on the Board is not about being “woke” or ” ESG ” but about not leaving money on the table.  

About the author

Related content

[rt_reading_time postfix=”minute read” postfix_singular=”minute read”]


State of Cyber Awareness in the Boardroom

NightDragon, Diligent and our coalition of industry leaders analyzed the leadership

Learn more

[rt_reading_time postfix=”minute read” postfix_singular=”minute read”]


The importance of cybersecurity training

See why hundreds of board members are turning to cybersecurity training to upkill and be

Learn more

[rt_reading_time postfix=”minute read” postfix_singular=”minute read”]


Cyber Risk & Strategy Certification

Get certified to oversee cyber risk & strategy with Diligent Institute, the leading

Learn more