Public company directors have always carried a long list of concerns on their agenda and according to our April 2018 survey of 182 board members, cyber, reputation and shareholder-related risks continue to keep them up at night.
In the end, “we don’t know what we don’t know,” commented a director at a mid-sized financial company when asked to explain the main issue with cybersecurity.
Cybersecurity is, indeed, an area of risk that is evolving faster than we can move to eradicate—or at least control—it, with new threats and new methods of carrying out attacks emerging at an alarming rate. What’s more, the breaches that will come to light over the coming months have most likely already taken place, unbeknownst to the company. This delay in discovering a breach and the lack of preparedness in dealing with its disclosure is what experts say gets companies in trouble.
This may be why almost two-thirds (64%) of directors ranked the issue of cybersecurity, namely privacy and data security, as their top concern this year—an increase of eight percentage points since 2016.
When Reputation Is On The Line
The fact that reputational damage has made its way to the #2 spot on directors’ list of concerns is highly telling of today’s overload of controversies, as it is now overshadowing, by a considerable margin, other very important risks, including shareholder activism/litigation (23%).
“64% of directors ranked issue of cybersecurity, namely privacy and data security, as their top concern this year.”
“There is increasing boardroom angst about the sheer multitude of reputational risks—and very real costs in lost sales, market capitalization and litigation,” explains Doug Donsky, senior managing director of strategic communications at FTI Consulting, a global business advisory firm. “In the last year alone, we have seen headlines involving data breach (Equifax), data usage (Facebook), squashed mergers (AT&T), political risk and operational license (Uber), product contamination (Chipotle), customer service (United Airlines), alleged harassment, CEO compensation and expense reports. This might, in part, explain why reputational risk remains high among board concerns and is now a standard agenda item for discussion quarterly.”
Meanwhile, fears of shareholder activism and litigation seem to be assuaging, down five percentage points since 2016 and 11 percentage points over the past five years. The reason for this seems to be that activism has become a standard part of the business and that directors and their management teams are being more proactive in that regard.
There’s been a noticeable pattern of increased engagement with larger institutional shareholders over the years and boards are, now more than ever, seeking out input from significant stockholders. Directors should not get blasé about the risk, though, as there are still a lot of funds with the specific intent to stir up problems. And with more and more funds advancing issues of gender equality, diverse representation on boards, CSR and environmental issues, the question becomes, “How do you communicate effectively and efficiently, and how do you keep good lines of communication with your stockholder base?”