-
Boards Need a More Active Approach to Cybersecurity
by Noah P. Barsky and Keri PearlsonSummary
Many boards overestimate their company’s cybersecurity readiness while underestimating the strategic importance of their own role in shaping it. New survey data reveals a gap between perceived cyber investment and true board-level understanding, reflecting a broader misalignment: too many directors see themselves as growth strategists rather than stewards of long-term resilience. Boards make three common mistakes: they underestimate the cost of inaction, ignore technical debt, and avoid bad news. To become better stewards, they can take five steps, including reframing cyber discussions around business impact, treating cybersecurity spending as a strategic investment, and recasting cyber updates as learning opportunities. Ultimately, making stewardship central to board governance is essential to preventing avoidable cyber crises and building enterprise-wide digital resilience.