Publication

Cybersecurity leadership and governance

April 2022

Cybersecurity oversight is a challenge for the board of every large company. The threat landscape is constantly changing; Russia’s invasion of Ukraine is the latest in a string of global events that heightens these concerns. In late February, the US Department of Homeland Security’s Cybersecurity & Infrastructure Security Agency (CISA) wrote an open letter to directors advising them to ensure that their organizations have their “shields up” because of the increased possibility of malicious cyber activity.1 A month later, President Biden said, “I urge our private sector partners to harden your cyber defenses immediately by implementing the best practices we have developed together over the last year. You have the power, the capacity, and the responsibility to strengthen the cybersecurity and resilience of the critical services and
technologies on which Americans rely.”

Corporate directors are not taking these messages lightly. They are tightening their cybersecurity oversight practices and are eager to learn more as good practices continue to emerge. In March 2022, Tapestry Networks convened two in-person and four virtual discussions that brought the following cybersecurity experts together with the audit committee chairs of more than 100 large US public companies:

  • Diane Brown, Vice President of IT Risk Management and Chief Information Security Officer, Ulta Beauty

  • Marianne Brown, Director, Northrop Grumman, Charles Schwab, Akamai Technologies, VMWare; Former Chief Operating Officer Global Financial Solutions, FIS

  • Shirley Edwards, Partner, EY

  • Jamil Farshchi, Chief Information Security Officer, Equifax

  • Patrick Hynes, Principal, Cyber Threat Management West Region Leader, EY

  • Shabnam Jalakian, Vice President and Chief Information Security Officer, First America Financial

  • John McKinley, Technology Committee Chair, Equifax

  • Michael Palmer, Chief Information Security Officer, Hearst Communications

  • Chuck Seets, Partner, EY

  • Myrna Soto, Director, TriNet Group, Popular Inc, Spirit Airlines, CMS Energy; Former Global Chief Information Security Officer, Comcast

  • Sean Wessman, Principal, Americas Central Region Cyber Leader, EY

This ViewPoints synthesizes discussions about three key topics that emerged in the meetings:

  • The CISO is getting a seat at the table

  • Directors employ a range of tools to understand their companies’ cyber capabilities

  • Boards are assessing how best to provide and structure cyber oversight