Digital Directors Are Needed Now More Than Ever

Dottie Schindlinger

Digital Directors Are Needed Now More Than Ever

Digital Directors Are More Important Now Than Ever

Listen to Episode 28 on Apple Podcasts

Guest: Bob ZukisCEO and founder of the Digital Directors Network and a professor at the USC Marshall School of Business

Hosts: Dottie Schindlinger, Executive Director of the Diligent Institute, and Meghan Day, Senior Director of Board Member Experience for Diligent Corporation

In this episode:

  1. What’s the current state of cyber preparedness? Boards are aware of cyber risk and talking about it. The next step is transformative action—and COVID-19 might be the catalyst to make it happen.
  1. What’s holding boards back?According to Zukis, lack of understanding the systemic nature of risk and the multifaceted nature of digital expertise.
  1. What steps can boards take right now?Create a committee dedicated to cybersecurity and risk, Zukis advises, and take advantage of available resources.  

Why Boards Need More Digital Directors: 

One “business” that’s thriving during the COVID-19 pandemic is cybercrimeTechnology website Endgadget reports that “instances of cybercrime appear to have jumped by as much as 300 percent since the beginning of the coronavirus pandemic, according to the FBI.”

“Cybercriminals are unbelievably well organized and unbelievably opportunistic,” saysBob Zukis, CEO and founder of the Digital Directors Network and a professor at the USC Marshall School of Business. “They find the weak linkthat’s what they do, that’s their job.”

In this episode, podcast co-hosts Dottie Schindlinger, Executive Director of the Diligent Institute, and Meghan DayDiligent Corporation Senior Director of Board Member Experience,talk to Zukis about where boards are at in terms of preparedness, and how “digital directors” can help.

board member with the NACD Pacific Southwest chapter and a Senior Fellow at The Conference Board’s Governance Center, Zukis is a leading advocate for digital diversity in the corporate boardroomAsPwC Advisory partner and member of PwC’s global and APAC leadership teams, he lived and worked on the front lines of globalization across four continents and twenty countries.

What’s the current state of cyber preparedness?

Zukis cites “a cybersecurity leadership crisis in companies all around the world in the boardroom”:They need to move from awareness of cyber risk to action. Boards need more “digital directors.”

“Directors are talking about cybersecurity, so they know this is an issue,” he says. “The awareness levels are there, the conversations are happening, but what boards are not doing enough of, in my opinion, is really taking transformative steps toward dealing with the problem.”

COVID-19 could be the catalyst that elevates digital expertise on boards, just as the Sarbannes-Oxley Act 18 years ago was the catalyst to making financial expertise a board standard.

The ultimate crisis facing a lot of companies right now is business continuity, Zukis explains.“You had that before withdigital and cybersecurity risk, but now the risk vector and threat are coming from a different perspective.For the CIO and CISO, this is a leadership moment to step into this problem and talk about business continuity.

This is a leadership moment for talking about business continuity: what’s happening with the workforce, with suppliers, and how technology can play a role in sustaining the organization.

– Bob ZukisCEO and founder of the Digital Directors Network and a professor at the USC Marshall School of Business

What’s holding boards back? Not having enough digital directors.

What’s the biggest barrier in this transition? In a word, says Zukis, understanding.

As the role of the CIO and CISO has increased dramatically in the board room, approaches to digital understanding have often stalled, say with checklists of 10 things director should be asking about digital transformation” or10 questions directors should be asking about cybersecurity risk.”

“Those questions are useless if you don’t understand the answers,” Zukis says. “Having directors who can conceptualize and comprehend these issues is the first leg of solving the problem.”

Such comprehension requires boards to acknowledge the “very diverse set of competencies in the digital domain,” he says.“It’s just not cybersecurity.There are data issuesarchitecture issues, risk communications issues,and issues around third-party exposure and regulations.”

Directors must also learn to look at risk systemically, he adds, rather than view cybersecurity as a component of enterprise risk, which is the traditional board perspective. 

Digital isn’t just one thing.It’s a collection of several very complicated demands, and all of those domains need to be represented and embodied within the board.

– Bob ZukisCEO and founder of the Digital Directors Network and a professor at the USC Marshall School of Business

What steps canboards take now?

One action is creating a dedicated committee for technology and cybersecurity, which companies from FedEx to Target have done (frequently in the aftermath of a breach) and which the Digital Directors Network recommends. 

Too often, says Zukis, cybersecurity and risk fall to the audit committee

I think the audit committee is the absolute worst place for any company to put cybersecurity and risk oversight,” he says. “For one reason, that committee is unbelievably busy in terms of their workload, so cybersecurity tends to get thrown in as an afterthought.”

Another step is for board members to become “digital directors” through resources from organizations such as the National Association of Corporate Directors, The Conference Board, and the National Institute of Standards (NIST). Zukis also recommends resourcesdeveloped by the Digital Directors Network including the DIRECTOR™ framework, which identifies the eight domains that comprise any complex digital business system, from data to risk communications to third-party issues, operations, and regulations.

“The NIST cybersecurity framework isn’t really a governance framework, but I think directors have to understand the challenges their cybersecurity professionals have to deal with day in and day out.”

– Bob ZukisCEO and founder of the Digital Directors Network and a professor at the USC Marshall School of Business

Listen to Episode 28 on Apple Podcasts

Also in this episode…

Zukis talks about the “pit bulls and cocker spaniels” of Warren Buffet’s annual letter—one of his stay-at-home reading recommendations—and the “Digital Riskopoly” board game he’s created with the Digital Directors Network, which combines his lifelong passion for cartooning with his current work in governance.

Resources in this episode:

Related Insights

The Rising Tide of ESG – Navigating the Road Ahead


The Board's Role in Leading and Enabling GRC


Board and Executive Collaboration: Components of a Secure Platform for the Evolving Workplace

White Paper
Dottie Schindlinger

Dottie Schindlinger is Executive Director of the Diligent Institute, the governance think tank and research arm of Diligent Corporation. In her role, Dottie promotes the intersection of governance and technology as a recognized expert in the field.' She co-authored Governance in the Digital Age: A Guide for the Modern Corporate Board Director, '2019, John Wiley & Sons Publishers, and is creator and co-host of The Corporate Director Podcast, a fortnightly show featuring corporate directors sharing their stories about modern governance.''

Dottie was a founding team member of BoardEffect, a board management software platform launched in 2007 focused on serving the needs of healthcare, higher education & nonprofit boards. Prior to BoardEffect, she spent 15 years working in a variety of governance roles, including as a board support professional, consultant, trainer, board member, and senior executive. 'Dottie serves as the Vice Chair of the Board of the Alice Paul Institute, and is a Fellow of the Salzburg Global Seminar.' She is a graduate of the University of Pennsylvania.