www.digitaldirectors.network
Executive Summary
Evidence shows that effective digital, cybersecurity and systemic risk governance creates and protects
business value. Empirical evidence proves that significant positive business impacts and tangible business
results are created when there is a high-performing corporate board in place with the expertise to capably
govern the digital upside and protect against the downside. Negative impacts follow when this is absent.
Voluntary and mandatory standards are developing. Voluntary and mandated standards from regulators
that are specific to the role of the board in governing digital business systems are maturing and emerging.
Regulatory coercion is forcing the adoption of specific boardroom policies, processes and procedures that are
strengthening the role of directorship in the digital business system. Leading practices standards continue to
develop and mature.
Self-regulated board transformation remains the best path forward. The leading edge of digital and
cybersecurity governance is now being self-regulated into place. The number of boards and corporate
directors who are transforming one or more aspects of their governance systems continues to grow. While
self-regulation is slower than forced government mandate, these boardroom leaders recognize their
responsibility to shareholders and stakeholders and are taking action. Regulatory mandate also tends to lag
the reality of market risks.
Digital risk is rapidly changing, expanding, and is not sufÏciently understood. New risks continue to
emerge as a result of new technologies and the growing complexities of the complex digital business systems
that power companies. Corporate directors are learning about these weaknesses the hard way — because of
incidents at their company or high-profile companies like UnitedHealth Group and CrowdStrike. Technologies
like AI are creating new risks, and the understanding, identification and mitigation of systemic cyber risks like
the CrowdStrike incident is nascent and not keeping up. More large scale incidents are guaranteed.
Solutions exist, they are just not widely understood or distributed. We know how to fix the problem as it
is well understood by DDN and the leaders who are at the forefront of implementing processes that have been
proven to work to drive and protect business value. However, more leaders on both sides of the boardroom
table need to be proactive and willing agents of change and the pace needs to accelerate. Individual leadership
initiatives are slow and new stakeholders need to step-up including institutional investors and the corporate
leaders in IT and cybersecurity who have an ethical and moral responsibility to fix the problems that their
innovations have created, starting with strengthening boardroom leadership over these technologies.
created, but a business opportunity if they do.
www.digitaldirectors.network