Large organizations face hundreds of attacks each year, with consequences that can have enterprise-wide implications far beyond IT. The recent news surrounding Anthropic's Claude Mythos 5 and Fable 5 models serves as a reminder that AI is lowering barriers to sophisticated cyber activity, potentially amplifying both the frequency and severity of attacks.
The regulatory environment also is raising expectations, with frameworks such as the Network and Information Security 2 Directive introducing elements of personal accountability at the board level. In this context, several directors described the board as the last line of defense on cybersecurity.
“Cybersecurity is top-of-the-agenda right now in all the boards I sit on,” said one director with multiple affiliations across several sectors.
This raises fundamental questions: How are boards of EMEA publicly listed companies governing cyber risks today, and what gaps remain?
To understand how boards are approaching the issue, we interviewed a dozen board chairs, audit committee members and non-executive directors from publicly listed companies across EMEA. Here’s what we learned.
Cybersecurity is a test of how boards adapt to a new category of risk: one that’s dynamic, technical, and deeply interconnected with strategy, operations and reputation.
The evolution observed across boards reflects a broader shift:
There’s no one-size-fits-all governance model. The appropriate approach depends on sector, scale and exposure. However, a set of common principles is emerging:
Effective cybersecurity governance won’t come from turning directors into technical experts or by appointing a swath of new experts to the board. Rather, boards must be equipped to understand the issues, ask the right questions, challenge management and make informed decisions when it matters most. As cyber threats evolve, so too must the boardroom.
List of interviewees
|
Agathe Martin-Gougenheim is a senior member of Russell Reynolds Associates’ Board & CEO Advisory practice and Technology Practice. She is based in Paris.
Yuelu He is a member of the Russell Reynolds Associates’ Commercial Strategy & Insights Board & CEO Advisory team. She is based in Munich.