Navigating the cyber landscape.
Cyber risk presents unique challenges to the world’s largest enterprises. They are often the targets of state-sponsored cyber threats. The economic and political impact of a successful attack on a giant company is disproportionately significant, not only on its direct stakeholders but also on national well-being. The scale and scope of the risk is heightened by legacy environments and complex supply chains. Effective response will likely require greater engagement outside of the enterprise, with other companies and with the public sector.
In the largest enterprises, board oversight of cyber risk and cybersecurity demands distinctive approaches, which must evolve quickly. Directors serving on the boards of large enterprises are keen to learn from their peers about enhancing and improving governance.
Through CRDN, Tapestry Networks is creating a program of ongoing learning, problem-solving, communication, and policy development aimed at enhancing national cybersecurity. In addition to holding regular meetings, the network recently collaborated on a new approach for building board capabilities in overseeing cybersecurity risk: Cyber Oversight Effectiveness Development (COED).
COED seeks to help boards develop oversight that is proportional to their exposure to cybersecurity risk, and to compare their cyber oversight capabilities with other firms. It is predicated on the belief that cyber risk often requires fundamentally different treatment than other risks.
CRDN was shaped by a 2019 grant from the Hewlett Foundation and is currently sponsored by King & Spalding.
Recent press:
AgendaWeek: Opinion: A Framework for Board Oversight of Digital Security
Boards of Directors Are Showing Increased Concern Over Cybersecurity
Private Sector Wants More — and Better — Cybersecurity Cooperation with Government
Members of the Network currently include:
-
Joan Amble: Zurich Insurance Group, Booz Allen Hamilton, Sirius XM
-
Marianne Brown: Akamai, Charles Schwab, Northrop Grumman, VMWare
-
Les Brun: Broadridge Financial Solutions, Corning, Merck
-
David Ching: TJX
-
Pam Craig: 3M, Merck, Progressive
-
Frank D’Souza: General Electric, MongoDB
-
Bill Easter: Concho Resources, Delta Air Lines, Grupo Aeroméxico
-
Joe Echevarria: Bank of New York Mellon, Pfizer, Unum Group, Xerox Holdings
-
Jason Few: Marathon Oil
-
Linda Gooden: General Motors, Home Depot
-
Fritz Henderson: Marriott International
-
Chris Inglis: FedEx, Huntington Bancshares
-
Leslie Ireland: Citigroup
-
Tom Killalea: Akamai, Capital One Financial, MongoDB
-
Holly Keller Koeppel: AES, British American Tobacco
-
Jane Holl Lute: Union Pacific, Marsh McLennan
-
Dambisa Felicia Moyo: 3M, Chevron
-
Stuart Russell: Intact Financial
-
Risto Siilasmaa: F-Secure OYJ
-
Sherry Smith: Deere & Co.
-
Mona Sutphen: Pioneer Natural Resources
-
John Thompson: Norfolk Southern
-
Jan Tighe: Goldman Sachs Group, Huntsman, Progressive
-
Suzanne Vautrinot: CSX, Ecolab, Wells Fargo
-
John Veihmeyer: Ford
-
Ashok Vemuri: Kroger
-
Sue Wagner: Apple, BlackRock, Swiss Re
-
Greg Weaver: Verizon
-
Al Zollar: Bank of New York Mellon, Nasdaq, Public Service Enterprise Group
PUBLICATIONS
October 2021 Nearly every large public company has made significant investments in cybersecurity. But even where internal management of cyber risk appears strong, a board may worry that its ove
August 2020 members of the Cyber Risk Director Network met on July 1, 2020, to explore threats that are incipient, already developing, or possible given existing technology (but may not yet ha
August 2020 Members of the Cyber Risk Director Network met virtually on June 30, 2020, to explore the board’s oversight of data privacy, focusing particularly on strategy and reputational risk
