Corporate directors serve an especially critical role in overseeing the management and mitigation of the full range of risks to which their firms are exposed—by virtue of the industries in which they compete, the macroeconomic and regulatory environment to which they are subject, and the operating decisions that they make. Ensuring that the board aligns its own composition (the qualifications, experience, and background of directors individually and in the aggregate) as well as its practices (committee structure, board evaluation and succession planning) with the company’s long-term strategy is an essential prerequisite to effectively managing risk and leveraging opportunity.
The board’s collective ability to guide, advise and oversee companies—in good times and bad—is among its greatest responsibilities. Across the hundreds of companies with which we engaged over the past year, boards that stood out as well positioned for success were those that regularly review and align their skills and expertise against the strategic challenges that lie ahead. Some, however, found themselves in more difficult circumstances—perhaps wrestling with the emergence of a complex risk, or gaining unwanted attention from activists or agitators. More frequently than not, boards that fell into the latter category had not articulated a coherent process for aligning their composition with the evolving strategic needs of the firm over time.
A highly qualified, strategically relevant board serves as a critical risk mitigation measure for firms. Boards that recognize this reality will be better positioned to leverage strategic opportunities in a controlled fashion. Those that ignore it do so at their own—and shareholders’—peril.
One of the key risks facing corporate boards in 2017 will be to maintain focus on the long-term strategic objectives of the organization, while operating in what promises to be a turbulent environment.
Uncertainty around the presidential election, the evolving impact of Brexit, and the potential for increased trade restrictions will impact most industries. Management teams and boards are at risk of spending too much time focusing on the near-term challenges facing the business, at the expense of innovation and investments that will drive long-term success.
From a compensation perspective, we encourage boards to think creatively about ways to encourage long-term thinking by the management team while still recognizing annual performance. One approach is to tie a portion of the annual incentive to incremental success on long-term projects that support long-term goals. We also think that there is a continued role for stock options as they generally have a 10-year term and can align with a longer-term view. Finally, restricted stock that vests over five or more years could be used to encourage a focus on the long term. Compensation plans that align with long-term business plans and are supported by clear and transparent disclosure are often well received by shareholders.
A recent study by market intelligence firm IDC predicts that by 2018, 75% of chief information security officers (CISOs) and chief security officers (CSOs) will report directly to the CEO or board of directors. While that is a great step toward increased communication and understanding, many boards are still treating cybersecurity as a technology issue relegated to technology leaders. Too few business leaders are treating cyber for what it is: an enterprise-wide threat that impacts all aspects of an organization.
A recent survey by Bay Dynamics found that 26% of board members identify cyber risks as their highest priority, yet many organizations fail to educate top decision makers.
To effectively build and reinforce a culture of security across the enterprise, training must be mandatory and cover more than basic awareness—even at the board level. While many business leaders react to data breaches and attacks following an incident, the focus should be on implementing proactive steps before a damaging breach hits. One of the most effective ways to train leaders is by providing baseline literacy in cybersecurity issues. Cyber literacy enables boards to make accurate assessments of enterprise risks and ultimately allows them to make more assertive and confident business decisions.
As part of cyber education, directors and executives need to learn to ask the right questions of management. At the same time, those executives need to use that literacy to set the expectations for security leadership: What assets are most important to the mid- and long-term business objectives of the company? What are the potential operational and financial impacts of a cyber incident to the enterprise? How do we protect our customers, partners and shareholders?