Information Technology (IT) Integration and Cybersecurity/Security: The Security Savviness of Board of Directors

As Information Technology has become increasingly important to the competitive position of firms, managers have become more sensitive to their organization's overall IT risk management. Given the significant cyber-attacks that are occurring with disturbing frequency, and the mounting evidence that companies of all shapes and sizes are increasingly under a constant threat of cyber-attacks, ensuring the adequacy of a company's cybersecurity measures has become a key area of purview for the Board of Directors (BoD). To address this issue, staffing the Board with members who have significant security expertise might be one of the best protective mechanisms in an increasingly risky business environment, both from the perspective of sound corporate governance and in terms of sensible IT governance. We expect that high-tech firms are far likely to have Board members with security expertise, and we expect that the degree to which IT is a differentiator or primary value proposition in the firm will moderate the presence of security expertise at the Board level, and we also expect that internal audit capabilities with security expertise will tend to moderate between a firm's technological sophistication and security expertise at the Board level.