Four Lessons on the Cybersecurity Landscape from Summit Experts

During NACD Summit 2021 earlier this month, I had the pleasure of participating in a cybersecurity expert panel discussion. Given the ongoing headlines about cyberbreaches, elevated ransomware, and new regulations, it should be no surprise that this discussion sparked a lot of engagement.

In case you missed the panel—which comprised Robin Bienfait, CEO of Emnovate and founder of Atlanta Tech Park; Robert Kress, managing director at Accenture Security; and Jerry Perullo, chief information security officer (CISO) at Intercontinental Exchange—or are just looking to learn more about the current cybersecurity landscape, below is a recap of some of the key points we discussed.

While information technology (IT) security budgets are increasing, confidence in security seems to be decreasing. PwC recently reported that 69 percent of organizations are expecting to increase cybersecurity budgets in 2022, with about one-quarter expecting an increase of 10 percent or more. Meanwhile, according to research by EY,  just 9 percent of boards are extremely confident in their organizations’ security and mitigation programs, while 77 percent of respondents to the survey have seen an increase in attacks over the last 12 months.

With the increase in spending and decrease in confidence, one of the most common questions I’m asked by executives and risk practitioners is how organizations can best measure the performance of their cybersecurity programs. From a practical perspective, cyber-risk quantification—quantifying the financial impact of cyber threats—can help with that. But it is also worth understanding cybersecurity landscape trends because the performance of your cybersecurity program relies on them.

On that note, several factors are compounding the challenges that security professionals face in an already asymmetric cyber landscape. For instance, organizations are becoming increasingly digitalized to support their business goals, and this is increasing the attack surface for threat actors. In addition, threat actors are taking advantage of the growing landscape and are constantly scanning organizations for unknown vulnerabilities. These threat actors are also working as an ecosystem and sharing information among themselves. Blind and adversarial testing with red teams can provide valuable insights into how attackers view your organization, but your security team will need resources to execute this in an ongoing manner. 

The key point here is that while some executives may question the increased budgets and dwindling confidence, it’s important to recognize that the cybersecurity landscape is in a constant state of flux and that it is largely impacted by how businesses evolve. For example, as noted above, digital transformation and working from home evolved the threat landscape by adding new vulnerabilities to the mix. Recognizing the interconnected relationship between your business and security strategies is a critical step to engaging in more productive security discussions and providing security teams with the support they need. 

Since digitalization isn’t going away, there are some things you can do to reduce your exposure. For instance, before you make the transition to the cloud, evaluate the drivers behind making this transition and whether you have a plan around what gets moved and to mitigate risk. As a board member, asking and understanding whether your organization’s security will be as effective as the defense you had in place before moving to the cloud (in other words, asking whether moving to the cloud will create more or new risks and whether you are prepared to mitigate them) is a good way to evaluate whether the transition is worth the risk.

In addition, make sure your IT and security departments know who your cloud providers are. They can vary, from hosting providers such as Microsoft Azure and Amazon Web Services to software-as-a-service (SaaS) providers such as Salesforce. All of these environments need to be monitored, and your security team should be appropriately involved in onboarding and tracking. Finally, having a cloud-agnostic environment, in which you have multiple cloud providers in place in case one goes down, can increase your resilience to attacks. 

New regulations and disclosure policies present opportunities for boards to learn and engage. Take the executive order President Joseph R. Biden Jr. issued in May. It illustrates that the government expects organizations to be more proactive in disclosing and sharing cybersecurity information and to implement more rigorous measures to increase supply chain security. These requirements not only will have ripple effects across organizations and industries but also reflect many of the ongoing challenges the private sector has been facing.

So, increased requirements on disclosure could be a good thing. For instance, supply chain risk and third-party risk continue to concern the majority of organizations. In fact, only 35 percent of CISOs believe their third parties would disclose a breach in an adequate period of time. If disclosure requirements can be normalized for the private sector, the result will be better data on risk and response scenarios.

Ultimately, as panelist Jerry Perullo pointed out, many of the new regulatory requirements are around disclosure and recovery, so try not to get bogged down by metrics when talking to your CISO. Instead, reach alignment on your business objectives, primary threat and vulnerability concerns, detection and remediation capabilities, and recovery plans.

While these are just a few points discussed during the Summit session, they illustrate the variety of factors at play in the cybersecurity landscape and how many of these are inherently linked to how business is done today. While it is true that many of the digital practices businesses adopt create new risks, they also enable businesses to achieve more. 

Therefore, when you think about cybersecurity return on investment, think beyond prevention and consider how well your security practices enable your business to achieve its objectives while cost-effectively managing the corresponding cyber risks to an acceptable level.

Derek Vadala is senior vice president, head of risk at BitSight.

NACD: Tools and resources to help guide you in unpredictable times.

Become a member today.

Three Questions Directors Should Ask About the Transition to Net Zero

Public and large private companies are increasingly under pressure to publicly disclose their plans to transition to net-zero carbon emissions. US Securities and Exchange Commission (SEC) chair Gary Gensler has asked agency staff to submit a proposal for mandatory climate-risk disclosures for SEC consideration by the end of this year.

Business as usual is no longer tenable. Global greenhouse gas emissions must be halved by 2030 to meet the Paris Agreement and Biden administration goal of reaching net-zero emissions by 2050—yet carbon emissions are still rising.

Corporate momentum on net-zero initiatives is building. More than one-fifth of the world’s largest corporations have pledged to reach net-zero carbon emissions by 2050. Organizations such as the Glasgow Financial Alliance for Net Zero, made up of more than 300 financial institutions responsible for approximately $90 trillion in assets, are setting science-based targets for 2025 and 2030 to mobilize finance at scale.

Companies that are among the first to figure out how to transition to a low-carbon economy will not only benefit from lower capital costs. They will also build competitive advantages that are hard to challenge: capturing new value as sectors reshape, progressing along steep experience curves, deepening customer relationships as they partner to solve for the whole value chain, and innovating their business systems.

By contrast, those organizations caught unprepared will not only risk contributing to a climate disaster—they will also risk falling behind better-equipped rivals through more expensive financing, lagging know-how, declining demand for non-decarbonized products, exclusion from new value systems, and damaged reputations.

So, as boards take stock of increasingly apparent climate risks, every director should raise questions that probe if their management teams are preparing for both the risks and opportunities on the way to a net-zero world. Based on our recent research, here are three questions that can help:

1. Is the company climate-resilient? Risk to the company should not be the only perspective, though it is essential to provide continuity of service and to understand where innovating processes and products can lead to new opportunities and lower risk.

On the physical side, while companies may already have insurance against extreme weather events, they may not be protected against future cost increases of that insurance as weather risks increase: operationally committed to their properties, companies may find themselves protected against weather risk but not climate risk.

On the transition side, directors need to ask management to present their plans for transitioning to a net-zero economy and the risks those plans entail.

What Directors Should Do: Confirm the company has people with the right skills to determine if the business is climate-resilient in both physical and transition risk. Probe if the team is making adequate climate-related disclosures to stakeholders. Verify that the management team is examining a wide range of transition scenarios. Consider: beyond the business itself, whom is the company relying on, and how well are they prepared for a low-carbon economy?

2. Is the business designed for maximum impact in a net-zero economy? To get to a net-zero world, companies need to engineer emissions out of their entire business systems, including their supply chains and customers’ use of their products. Reaching this goal may involve embracing opportunities for new scope in adjacent spaces and new ways of establishing strategic control of the value chain. Opportunities for profitability—and value—are shifting as businesses that are currently low margin become strategically valuable once revamped for a low-carbon future. Pressure to repurpose scrap material for another life, for example, could transform the waste and scrap industry while increasing costs for the businesses depending on it.

What Directors Should Do: Ask management if they are analyzing where value will migrate in their industry within a net-zero world—and if the company is prioritizing the right space. Is the team examining its entire value chain for new opportunities? Is it looking just at its own transition—or at the business opportunities of helping its customers with theirs?

3. Does the company have the support required for its plans? To reach net zero by 2050, every company will require investors, banks, suppliers, customers, employees, and policymakers to support its transition to a less carbon-emitting business. To persuade a wide range of stakeholders to back their plans, management teams need to select and track trusted emissions metrics aligned with the progress they are targeting in order to tell their stories. Metrics that recognize the dynamics of transition, such as those measuring carbon intensity or implied temperature rise, may prove more useful than focusing only on absolute emissions.

What Directors Should Do: Make sure management chooses metrics that support the path they have chosen, from the set of metrics recommended by the Task Force on Climate-related Financial Disclosures (TCFD). Multiple bodies and standard-setters, from the G20 Finance Ministers and Central Bank Governors to the International Financial Reporting Standards Foundation, have made statements in support of the TCFD framework as a shared international framework.

It is natural, and necessary, for the board to approach climate change with a risk mindset. But also applying an impact mindset can help ensure that the business can embrace the opportunities of the transition and establish a strong and defensible position on the path to net zero, in terms of both climate and financial impact.

John Colas and Simon Glynn are partners and co-leads of climate and sustainability at Oliver Wyman.

##

How Gender Diversity May Impact These Four Boardroom Discussions

Perspective matters. And when it comes to some of the most important issues directors face—such as the climate crisis, compensation and diversity goals, and how best to operate in a more virtual world—we continue to see key differences in the perspectives of men and women. 

Released this month, PwC’s 2021 Annual Corporate Directors Survey features responses from more than 850 US-based directors. A look at the data by gender reveals several areas in which the responses noticeably differ:

1. Environmental, social, and governance (ESG) issues. Almost two-thirds of directors (64 percent) say their company ties strategy to ESG issues—a 15-point jump from 2020. But as more companies and boards dig into ESG, men’s and women’s perspectives on certain ESG matters vary greatly. 

For example, while 87 percent of women say they are very much or somewhat concerned about the climate crisis, only 67 percent of men say the same. Furthermore, while most directors support the current voluntary system of ESG disclosure, women are twice as likely as men to support mandatory ESG disclosures (29 percent versus 14 percent).  

2. Board diversity. This is hardly a new topic. But when we asked directors why boards haven’t become more diverse, more quickly, men and women pointed to different factors.

Fifty-nine percent of women cite an overreliance on director networks to source qualified candidates as an impediment to board diversity efforts, compared to only 31 percent of men. Men are much more likely to point to a lack of qualified diverse candidates as an impediment—54 percent, compared to only 21 percent of women.

Overall, most directors agree that diversity won’t happen on its own. The percentage of directors who believe boards do not need to act on board diversity dropped by more than half from the prior year, to just 33 percent. But a much larger percentage of men (40%) still say it will happen naturally, compared to 15 percent of women. 

3. Tying compensation to diversity goals. As the ESG conversation takes hold in boardrooms, more companies are considering whether (and how) their diversity, equity, and inclusion (DE&I) goals should be tied to executive compensation.

There is clearly a shift in how boards are thinking about DE&I efforts and executive accountability. From 2020 to 2021, overall director support for tying diversity measures to incentive plan goals grew substantially, from 39 percent to 52 percent. But a much larger percentage of women support these measures: 74 percent in 2021, compared to 44 percent of men. 

4. Conducting business virtually. In 2020, board meetings largely shifted from in-person to virtual. While directors indicate some reversal of the trend this year, many plan to continue meeting virtually at least some of the time. Although meeting efficiency topped a list of positive impacts directors see from virtual board meetings, directors agree that effectiveness has suffered—with men indicating a more negative toll.

Forty-seven percent of men say virtual meetings negatively impact director engagement, compared to 33 percent of women. Further, 42 percent of men say meeting effectiveness has suffered, compared to 32 percent of women. Board members will have to work together to find effective ways to stay engaged virtually and hold one another accountable. 

Strong boards recognize the importance of diversity in driving richer discussions, spurring important dialogue in the boardroom, and helping boards think differently about complex issues. One place in which nearly all directors are aligned? They agree that board diversity (gender and otherwise) brings unique perspectives to the boardroom (93%) and improves relationships with investors (90%).

Diverging views bring about debate, discussion, and the opportunity to arrive at well-considered decisions. A fuller perspective is where today’s boards and organizations can find tomorrow’s competitive advantage. 

Maria Castañón Moats is the leader of the Governance Insights Center at PwC US.

NACD: Tools and resources to help guide you in unpredictable times.

Become a member today.

Directors Advised to ‘Lean In’ and Other Nuggets from NACD Summit 2021 Speakers

In the second Virtual NACD Summit from October 1 through October 8, NACD riveted screens across the country with appearances from organizational psychologist Adam Grant, US Securities and Exchange Commission commissioner Elad L. Roisman, Southwest Airlines chair and CEO Gary Kelly, and more. Kicking things off on October 1 with a day of exclusive programming just for NACD Directorship Certified® directors, NACD Fellows, and NACD Accelerate members, Summit continued the following week with daily general session programming powered by AIG in addition to smaller-group forums and shorter panels on specific topics such as executive compensation and the ethical oversight of digital transformation.

“The last year and a half have had exceptional ups and downs. We have seen human tragedy, racism exposed, and a divided nation. But we have also seen the triumph of the human spirit—to do better and be better, and in the case of directors, to lean in during a tumultuous time in order to fully support management,” NACD president and CEO Peter R. Gleason said to the virtual audience in his opening speech on Monday, October 4. “If there is one takeaway from the past 18 months and this pandemic, it is that the time is now to make ourselves, and our boards, future ready.”

In a session titled “Leading Through Economic Transformation: Trial by Fire” moderated by Anna Catalano (director at Frontdoor, HollyFrontier Corp., Kraton Corp., Willis Towers Watson, Appvion, and the NACD Corporate Directors Institute, an independent sister organization to NACD that owns the NACD Directorship Certification® program) panelists shared their firsthand experiences of managing the unexpected and prevailing against the upheaval of the last year and a half. Speakers included Orlando Ashford, executive chair at Azamara and a director at ITT, Perrigo Co., Array Technologies, State Farm, and Hershey Entertainment and Resorts Co.; David Marriott, a director at Marriott International; and Carol B. Tomé, CEO of United Parcel Service.

“The role of health and health protocols is going to be here to stay,” Ashford said, as a consequence of how the pandemic has permanently altered the future of business. “We’ve doubled down on health experts to advise us. Not just my company but the industry, and really all of our industries, we’re trying to share information… because at the end of the day we want people to be able to enjoy our product, enjoy our offering, and do it in as safe a way as possible.”

On Wednesday, October 6, Paul Polman, CEO of Unilever from 2009 to 2019 and current vice chair of the United Nations Global Compact, and Marian Heard, president and CEO at Oxen Hill Partners and founding president and CEO at the Points of Light Foundation, took the stage to discuss how directors can make a difference in society. Speaking about sustainability generally, Polman told Heard and the audience that most companies don’t play to win—they play “not to lose.” To nurture viable businesses into the future, this mindset will have to change. “The business community broadly knows what needs to be done… yet collectively, we’re not achieving what we need to do…. We actually have to be regenerative, restorative, reparative,” Polman said.

The week of programming closed with a conversation between Leo E. Strine Jr., the former chief justice of the Delaware Supreme Court who is now of counsel to Wachtell, Lipton, Rosen & Katz, and Kim Rucker, a director at Lennox International, Celanese Corp., and Marathon Petroleum Corp. After covering topics ranging from stakeholder engagement to diversity, equity, and inclusion and then to board composition, Rucker ended the session by asking, “What do directors do after they attend this wonderful weeklong Summit? You’re inspired, you’re all charged up. From my perspective, it’s so important to prioritize, to partner back with your companies, and to pace yourself.”

“Think about the idea that we’re going to try to make money the right way. You don’t have to have a fancy purpose,” Strine concluded. “If your products are useful and safe… if your employees have quality wages and can provide for their families and have a better life and they enjoy being at work and being part of the team… you pay your taxes in the communities you’re in and you support the local institutions… if you do all those things and you organize yourself as a business and your board structures around that, you’re not going to miss key risks. You’re going to feel good about yourself. And, frankly, by focusing on that you’re not going to get into side issues; you’re going to focus on the main thing that is required to be a good corporate citizen.”

For more coverage of NACD Summit 2021, check out “Curbing Climate Chaos Will Require Innovation, Leadership from Boards,” “Economic Recovery, Labor Supply Weigh on Small Businesses,” and “SEC Commissioner Elad Roisman to Directors: ‘My Door Is Open’.”

NACD: Tools and resources to help guide you in unpredictable times.

Become a member today.

Get Out the Map: The Journey to Your First Board Seat

At NACD, we regularly hear from senior executives looking to expand their careers by serving on a corporate board. Their challenge? They do not know how to take the first step on that journey. The recruitment process often can seem opaque, and occasionally intimidating, for those who are just getting started—but it doesn’t have to be.

In early 2021, NACD Accelerate participants attended a virtual session that covered how to best position themselves for board service. If you are a senior executive interested in joining your first board, the following actionable tips revealed during that members-only session can guide you on the path to directorship.

1. Know It: Understand the Recruitment Landscape

It’s no secret: the path to your first board seat is not always a straight line. There are limited board seats available each year, and many board roles are won through personal and professional networking. According to the 2020 US Spencer Stuart Board Index, there were 413 new independent directors placed on S&P 500 boards during the 2020 proxy season, reflecting 8 percent of all S&P 500 directors.

Identifying your first board seat can be a challenge, but it is not impossible. The journey to your first board seat will require a committed effort and an open mind.

Candidates are best positioned for success when they understand what boards look for—and how to demonstrate their value effectively. When recruiting, boards primarily focus on four key areas of a candidate’s experience:

The industry in which the candidate has experienceThe revenue of the candidate’s day-job companyThe candidate’s functional role at their companyAny special skills the candidate may have, such as experience with human capital, analytics, or digital transformation

Below are tips on how to leverage these four areas of focus in your board search.

2. Learn It: Get Relevant Experience

Though senior executives are well on their way to understanding certain aspects of board work through their day-to-day roles, boards want to be sure that their candidates are prepared with the knowledge required to step into the boardroom and add value on day one.

At NACD, we recognize the need for a pipeline of strong, diverse, and highly qualified professionals to serve as tomorrow’s directors. That’s why we created NACD Accelerate: a unique two-year program that creates a pathway for executives with little to no experience in the boardroom to prepare for board service. Executives in the Accelerate program receive the tools, resources, and exposure that are key to launching a successful career as a director—including the opportunity to network with NACD’s elite director community and become NACD Directorship Certified®.

In addition to Accelerate and NACD Directorship Certification®, joining nonprofit boards is an effective way to enhance your résumé. To find open nonprofit board seats, you can look at postings on LinkedIn, VolunteerMatch, or your local chamber of commerce’s website.

Think about your skills and interests: What are you passionate about? How can your talents add value to a nonprofit board? The answers to these questions should guide your nonprofit board search and service. Nonprofit board roles can give you the small-group and committee experience that for-profit boards are looking for in their director candidates.

Private company boards also offer opportunities to broaden your directorship skill set. Private equity firms are continually looking to place directors on the boards of their portfolio companies. Knowing the value you can bring to the boardroom will help you stand out to boards looking for specific experience.  

3. Name It: Find Your Unique Value Proposition

So, you have relevant experience—what’s next? Develop and refine your unique value proposition, which is—at its core—an elevator pitch detailing the value you would bring to a board.

Your unique value proposition should be succinct and mention those four key areas that boards focus on when searching for a new director. Because of cross-industry recruitment, ensure that your value proposition is free of jargon and acronyms that may not be understood by someone in a different field. Incorporate leadership language—even if you don’t yet have board experience—thinking about your time leading organizations, departments, or teams. (The NACD Accelerate curriculum offers access to programming and resources that help aspiring directors present their experience and knowledge in compelling, effective ways.)

And don’t forget: defining your value proposition is never done. Review it regularly and update it as needed. Business and governance language changes over time—consider how infrequently you heard and saw the term “ESG” (environmental, social, and governance) five years ago compared to today. Ensuring that your language is up to date lets boards know that you are committed to continuing education and keeping up with boardroom trends.  

4. Build It: Create Your Board Résumé, LinkedIn Profile, and Board Profile

In today’s digital world, clearly conveying your value proposition through your board résumé, LinkedIn profile, and board profile is critical to your success.  

Board résumé. To grab readers’ attention, your résumé should start with a headline quickly summarizing who you are and that value proposition you’ve articulated. Because boards recruit using many different criteria, it’s important to include as much detailed information about your experience as you can, going back at least 10 years. Distill your value through a leadership lens. Board work, executive work, and education are all critical pieces of a board résumé, in addition to notable certifications, memberships, community involvement, awards, published work, and speaking engagements. The best board résumés humanize the candidate; consider including three to five pieces of personal information about you, such as your hobbies, foreign language proficiencies, family information, or volunteer activities.

LinkedIn profile. After updating your board résumé, you can copy your experience into the relevant fields of your LinkedIn profile. Be sure your value proposition is clearly articulated through your headline, “About” section, and experience.

Board profile. Similar to a speaker bio, this document should include a headshot and is used like a marketing tool to promote your candidacy. The board bio is generally a one-page overview of your experience in a narrative style, starting with an overview of who you are and what prospective boards should know about you as a candidate. Be sure to include any board service, honors, and speaking engagements.

Though finding your first board seat can be a daunting process, entering the market with a strong understanding of the recruitment landscape, board-specific education experiences, and well-crafted candidate materials can make all the difference.

If you are an executive with little to no experience in the boardroom and are ready to take the first step in your directorship career, consider NACD Accelerate. For questions, contact a member of our team at accelerate@nacdonline.org.

NACD: Tools and resources to help guide you in unpredictable times.

Become a member today.

How the Human Trafficking ESG Risk Could Impact Your Business

Of the many things that keep board directors awake at night, human trafficking is probably not high on the list. But when you consider that more than 40 million people (a quarter of them children) are trafficked for forced labor and sexual exploitation, the magnitude of human suffering cannot be ignored by corporations. Human trafficking is the fastest-growing form of international crime and one of the most lucrative of criminal activities in the world.

In the United States, many people think of human trafficking as something that primarily happens overseas, but that’s not the case. The National Center for Missing and Exploited Children receives daily reports of child sex trafficking in all 50 US states and in every type of community throughout the country. It could be happening in your neighborhood.

Several industries are more susceptible to these sorts of crimes, such as financial services, airlines, travel agencies, hoteling, and the short-term rental industry. Regulators are starting to demand more accountability from companies to look for red flags that might indicate possible criminal activity.

Financial Services, Travel, and Hospitality

Financial services firms may encounter suspicious activities when human traffickers attempt to use legitimate firms to conduct illicit financial transactions. An analysis of documented trafficking in the United States showed how financial services firms provide banking and money services business to several industries known to have some degree of human trafficking risk. Some are obvious, such as escort services, illicit massage parlors, and strip clubs. However, many others are not, such as restaurants and food service, agriculture, construction, landscaping, cleaning services, manufacturing, forestry, and even health care.

The hospitality industry is particularly vulnerable to traffickers, especially sex trafficking. Trafficking victims have sued hotels, but historically most of these cases have been dismissed. There are signs that the courts are beginning to hold hotels to a higher standard of accountability for the actions of criminals within their establishments.

Other critical players include airlines and travel agencies, which can use their data to identify red flags. Training and general awareness are important for employees, such as flight attendants, ticket counter staff, and booking agents, to understand the signs of human trafficking, forced labor, and forced sex trafficking.

How Your Board Can Address Risks

Besides the impact on the lives of those directly affected by it, human trafficking creates business risks for those industries that are exposed to it—both directly and through the financial system.

As traffickers become more sophisticated, companies must employ new data-driven measures to prevent, detect, and respond to human trafficking. The following steps will help any company—and its board—become more prepared to fight human trafficking and reduce its risk of exposure:

Educate yourself on how human traffickers might use your industry and specific company to commit their crimes.Update your risk assessment and internal controls to address the risks.Collaborate with the industry and organizations like the Anti-Human Trafficking Intelligence Initiative and others.Use existing industry and company-specific red flags.Train your employees to recognize the signs of human trafficking and forced labor.Know your data and develop human trafficking analytical detection scenarios and escalation procedures.Establish law enforcement liaisons to facilitate reporting of red flags.Incorporate human trafficking litigation or disclosure scenarios into your crisis communications planning. The financial impact of a potential incident is likely to pale next to the cost of reputational damage if you are not prepared.

In addition to the direct business risks, investors are now more aware of social issues. Even institutional investors are more issue-focused, and specifically very conscious of human rights and human dignity issues. Human trafficking allegations or adverse court decisions could impact how investors view the company.

As environmental, social, and governance (ESG) issues are increasingly viewed as serious business risks, companies could face concerns from investors over whether the company remains a good investment, and publicly traded companies may even find themselves in proxy fights with activists over their board seats.

Ken Jones is a senior managing director, Ozgur Vural is a managing director, Edith Wong is a managing director, and Suzanne Blanton is a director at FTI Consulting. FTI Consulting is an independent global business advisory firm dedicated to helping organizations manage change, mitigate risk, and resolve disputes: financial, legal, operational, political and regulatory, reputational, and transactional. FTI Consulting professionals, located in all major business centers throughout the world, work closely with clients to anticipate, illuminate, and overcome complex business challenges and opportunities.

The views expressed herein are those of the author(s) and not necessarily the views of FTI Consulting, Inc., its management, its subsidiaries, its affiliates, or its other professionals.

FTI Consulting, Inc., including its subsidiaries and affiliates, is a consulting firm and is not a certified public accounting firm or a law firm.

NACD: Tools and resources to help guide you in unpredictable times.

Become a member today.

Creating Healthy Societies and Transforming People Risk in the Post-pandemic Workplace

As COVID-19 and its variants continue to disrupt society, business, and commerce, boards have expanded the scope of their risk oversight to include a broader, “people risks” agenda. Directors responded swiftly to the pandemic, supporting management teams as they faced new challenges to the health and well-being of their workforces. At the same time, there is a rising awareness of the role organizations play in addressing societal concerns at the board level. The intersection of these two issues is where the notion of creating “healthy societies” emerges.

The creation of a healthy society incorporates equitable access to affordable, quality health care, providing healthy environments to live and work in, and creating financial security and a more equitable workforce across race, ethnicity, and gender. These aspects all play a role in our collective and individual health outcomes.

Boards that take on managing these “people risks” with the right balance of empathy and economics will be better positioned to secure the organizations’ future during this accelerated period of sustained change.

The Expanded Role of Employers in Supporting Wellness

Before the pandemic, organizations and their boards framed the relationship with their employees through the lens of the workplace environment. Policies were created to help guide the organization and its employees in conducting the work relationship. Organizations often developed benefits, compensation, hiring, and workplace procedures from this perspective.

In just a few months in 2020, the pandemic shifted this paradigm. As many organizations went to remote work arrangements, the line between what happens inside the workplace and outside the workplace dissolved. This shift created a new level of oversight for boards as organizations needed to quickly develop strategic approaches to ensure the health and safety of their employees inside and outside of the workplace.

Boards Take on New Challenges

As boards continue to tackle the ongoing issues related to COVID-19 and its variants, health becomes a new driver in charting the future of an organization. The concept of “healthy societies” offers a means to create a sustainable organizational culture that benefits people, the organization, and the communities in which the organization operates.

The healthy societies concept advocates for the health and well-being of everyone through sustainable means that protect people and the planet. This means providing a safe, professional, and personal work environment that enhances an employee’s well-being, both physical and emotional.

Emotionally and physically healthy employees are better positioned to manage their work and home-life balance, leading to increased productivity. Long-term value can be achieved when organizations and boards take a healthy society approach to developing processes and procedures that impact employees with this shared vision for the future in mind.

Creating a Safe Work Environment for Today and Tomorrow

Providing employees with a safe working environment remains a top concern for most organizations. Changes to the physical design of workspaces, plus the use of masks, sanitizers, physical distancing, temperature checks, testing, and other safety measures, are now almost normalized in the physical workplace. These changes give employees who need to be physically present to perform their jobs the confidence that they are protected. A consistent and sustained safety policy will help make the transition from the home office less stressful for those returning to the workplace.

But a larger question remains for boards and management to now consider: when we emerge from the pandemic, will organizations try to revert to pre-pandemic “business as usual,” or will they create new operating models to ensure flexibility and agility in response to future outbreaks or other disruptions? Boards that advocate for contingency planning that factors in the health and safety of those in the workplace will enable companies to swiftly pivot and maintain productivity in the face of unforeseen circumstances.

Understanding the Emotional Well-being of Employees

The health and safety of employees goes beyond the physical workplace. According to the American Psychological Association, a mental health crisis has emerged as instances of stress, anxiety, and depression are on the rise. This can lead to lower levels of employee well-being and productivity, as well as increased organizational costs. Now, as many companies are asking employees to return to the workplace, new mental health stressors have emerged, as many are reluctant to leave their home offices.

Boards that respond with empathy and take into consideration the mind-set and needs of employees will be better positioned to support leadership in managing this situation. “This was a very human crisis, and that’s a different dimension compared to most business or financial risks,” noted one director who commented on this topic for this article. “Boards had to become more people-focused than they have ever been before.”

Organizations are already responding to the pandemic-related mental health crisis among employees. In the 2020-2021 Global Talent Trends Study by Mercer, 45 percent of US human resources executives reported adding benefits to address mental and emotional health issues. A continued focus on employee well-being will take time and resources, and conversations at the board level about these critical issues will help keep the needs of employees front and center as new policies are proposed.

Reshaping the Paradigm for Talent Acquisition

Talent acquisition and retention continues to be a top challenge facing organizations, according to Mercer’s survey of human resources professionals and risk managers. That challenge is not only finding the right talent to fill the positions, but also creating a diverse organization that works together to contribute to the overall health of our society and contributes to an employee’s sense of inclusion and belonging.

Society and employee populations, especially younger generations, are more culturally aware and awakened in an era of #MeToo, George Floyd, and Greta Thunberg. While the immediate global health crisis took precedence over sexual harassment, systemic racism, and climate change concerns in many ways, they remain at the forefront for leadership and employees. In a tight labor market, employees want to have a strong connection to purposeful organizations that demonstrate strong environmental, social, and governance (ESG) values, and they are more likely to stay at and be more productive for these kinds of employers.

In addition, new technologies, changing demographics, and the pandemic are creating other challenges for employees as they seek not only to find satisfying work but also to work in a manner that contributes to their well-being. This changing nature of work also requires new considerations for talent management. For example, boards should be aware of the legal and operational issues associated with flexible working, gig workers, and technology adoption. As more of the workforce opts into flexible working arrangements, organizations will need to examine investing in digital technology and designing work experiences and benefits that demonstrate a deep understanding of the needs of their people. These topics belong at the board table, as directors can support talent development that leads to healthy and sustained organizational growth.

Raising the Bar for ESG

ESG issues have taken on new meaning in the last ten years and efforts have accelerated globally over the past 18 months. Disparities made more visible during the pandemic triggered new levels of thinking and a sense of urgency to build more inclusive and sustainable economies. Younger generations have chosen to align themselves with brands that demonstrate socially and environmentally conscious values. Climate change, diversity of thought, inclusiveness, wealth disparities, and more are no longer issues that live outside of the boardroom. Understanding the impact of the organization on social and environmental issues and guiding leadership toward sustainable and conscious solutions will go a long way toward building truly healthy societies.

Looking Ahead

After threatening public health and ushering in unprecedented disruptions, the COVID-19 pandemic has uprooted daily life and fundamentally transformed values for companies, employees, and society. Boards that adopt a people-first and healthy society mind-set can help leadership in developing sound strategies for the future. And that future begins with recognizing and embracing the expanded role employers can play in the health and well-being of employees inside and outside the workplace.

Martine Ferland is president and CEO of Mercer and vice chair of Marsh McLennan. She was named to the NACD Directorship 100 in 2021.

Marsh McLennan and NACD thank the following NACD members for sharing their insights for the development of this blog series on risk oversight: Anthony Anderson, Sam Di Piazza, Roy Dunbar, Cynthia Jamison, Shelley Leibowitz, Sara Mathew, Jan Tighe, and Suzanne Vautrinot.

NACD: Tools and resources to help guide you in unpredictable times.

Become a member today.

Increasing Board Agility Is Critical to Risk Oversight

“You’re on mute.” 

This must have been one of the most spoken phrases over the past 18 months as many organizations moved to online meetings and video conferences. The mobility restrictions associated with the COVID-19 pandemic created opportunities to innovate and, in many instances, offered a crash course in being agile—a critical requirement of boards.

As a result of the pandemic and other events of 2020, the scope and scale of issues on the board risk agenda have fundamentally changed, as have many aspects of governance processes. Going forward, boards must build their agility to enable organizations to navigate the new cadence of the business and risk environment.

As a previous NACD BoardTalk post noted, an agile board can “identify and respond effectively to rapid and unexpected changes in the internal and external environment. It is characterized by a forward-looking and exploratory approach that challenges and nurtures both current and future business, enables quicker decision-making, and supports the organization to be more adaptable and innovative when confronted by change.”

To gain insight into the practices adopted and lessons learned from 2020, including on board agility, NACD and Marsh McLennan worked with the Global Network of Director Institutes (GNDI) to conduct a wide-ranging survey of nearly 2,000 directors. The research team also conducted eight accompanying interviews with seasoned directors to provide rich context for our findings in this article.

Overall, 89 percent of the surveyed directors feel their boards have been able to effectively govern during the pandemic—indicating an ability to adjust to the demands of virtual governance, such as increased or even weekly full-board meetings during the height of the crisis. Further, 34 percent are planning to alter their board operating model (including with changes to meeting agendas) based on experiences and learning from the pandemic and responding to other challenges in 2020 and 2021.

Delving further into the findings, we can see that three key elements of an agile board have emerged:

First, the agile board is hybrid. Directors have upskilled themselves and gained comfort with virtual meetings over the course of the pandemic, and 89 percent of GNDI survey respondents agree that digital board engagement would be a helpful tool for board operations moving forward. Additionally, 78 percent expect that at least one in five committee meetings and some full-board meetings will be virtual post-pandemic. As one director that we interviewed for this article noted, being “virtual-first is a great way to rethink the rhythm of board meetings and allows the board to quickly connect on issues as opposed to waiting for board meetings.”

Virtual meetings have many benefits since directors can quickly meet to address fast-moving issues and they free up director time that can be applied to essential board and committee work. In addition, the virtual format requires a more structured and efficient committee agenda to fulfill fiduciary obligations. In one director’s pandemic experience, “The board quickly adapted to a communication structure that was not scheduled and was able to function much more intensely in a virtual world.”

While many directors agree that virtual board meetings are as effective as in-person meetings, there are serious challenges. In the future, boards need to explicitly implement approaches to ensure fully engaged directors in a virtual world. More than two-thirds of GNDI survey respondents (68 percent) noted the negative impact of reduced nonverbal communication among directors during virtual meetings. Board chairs may also need to take additional steps to ensure that minority views are represented, which may be more challenging virtually. Finally, boards may need to reconsider how to apply decision-making techniques such as “red teams” or “tenth man” (where at least one person is appointed to serve as the loyal dissenter) in a virtual world.

As hybrid and virtual board meetings become the norm, boards will need to adopt better tools to support digital board governance, including those used to share secure governance documents, vote, or communicate confidential information.

Second, the agile board uses a range of insights to support decision-making. An engaged, responsive, and agile board is a vital sounding board for the CEO and their management team. Providing fresh perspectives on difficult issues is critical.

Agile boards are implementing new processes to provide informed input and challenge decisions around strategic issues, as well as to improve risk oversight. For example, 70 percent of survey respondents said they will make greater use of outside experts in scenario planning, strategy, and risk decision-making processes. Sixty-six percent expect to incorporate a broader set of risks into the board information dashboard. Boards may need to adjust their agenda to allow more time for such exercises and exploratory discussions, putting an even greater emphasis on the need for efficient and effective committee processes.

Sixty-three percent of surveyed directors also report that they plan to increase the use of data analytics in the board decision-making process. This may include incorporating digital and analytical tools that assess the risk environment and organizational performance—tools that scan publicly available information to create dashboard summaries of employee sentiment or tools that conduct an outside-in scan of cybersecurity, for example.

Information tools provide board members with efficient access to a much greater range of insights, key metrics, and benchmarks, generating deeper understanding—all of which can support a necessary focus on emerging trends and strategic issues.

Finally, the agile board embraces continuous learning. “Board members do not need to be expert at everything but need to be able to constructively challenge and question management,” one director said. “That requires a certain kind of board member—someone who is in continuous learning mode.”

Agile boards embrace continuous learning in two key areas: organizational strategy and business model, and the expanding spectrum of events and trends driving changes in an organization’s business environment.

Directors are more engaged and involved in robust dialogue across various levels of management than ever before—without impinging on management’s operational role. This enables the board to actively debate and challenge management on their risk assessments, decision-making processes, and conclusions. Many directors noted that these debates are vital to helping management “see around the corners.”

Boards are also turning to directors from a range of professional backgrounds to increase cognitive diversity in the boardroom and to tap expertise on evolving issues such as cybersecurity, digitalization, and environmental, social, and governance (ESG) topics. Increased boardroom diversity across all vectors has many benefits. Still, onboarding a cybersecurity or an ESG expert does not relieve other board members from developing a robust understanding of the interaction between evolving risks and trends. Most boards have about 10 members, and as organizations face a widening array of issues, no board can have an expert on each topic. Since they cannot be “know-it-alls,” boards must become “learn-it-alls.”

Each director must commit to a boardroom culture of continuous learning and inclusivity of diverse experiences, expertise, and insights on evolving topics to support an active and effective boardroom.

With this mandate, board and director agility is vital to supporting management and ensuring that organizations move nimbly through a challenging risk landscape.

Margarita Economides is an engagement manager in the Organizational Effectiveness practice at Oliver Wyman. David Gillespie is an Organizational Effectiveness partner with Oliver Wyman and leads the UK and Ireland businesses.

Marsh McLennan and NACD thank the following NACD members for sharing their insights for the development of this article: Anthony Anderson, Sam Di Piazza, Roy Dunbar, Cynthia Jamison, Shelley Leibowitz, Sara Mathew, Jan Tighe, and Suzanne Vautrinot.

NACD: Tools and resources to help guide you in unpredictable times.

Become a member today.

Data Show Boards Are Taking Steps on Diversity, Equity, and Inclusion

We are in a state of evolution when it comes to tracking, reporting, and goal-setting for diversity, equity, and inclusion (DE&I) measures.

A recent Pearl Meyer On Point survey (to be published at the beginning of October) asked more than 400 directors and C-Suite executives if and how they are tracking and reporting DE&I factors, and to what degree DE&I goals are reflected in executive incentive plans.

The survey clearly indicates that most companies are focused on tracking DE&I, which makes sense given that EEO-1 reporting was introduced in 1965 and includes total number of employees by gender and by race. As a result, companies have historically placed importance on “matching” the overall demographics of the labor market. More than 92 percent of our survey respondents say they track overall diversity, as well as the diversity of their management teams and senior leadership.

However, what companies track is broadening in scope, as is what they do with that information. In addition to traditional lagging measures, such as basic diversity demographics (95 percent of respondents track these), turnover rates (79%), or engagement (78%), which look at things that have already happened, more companies are beginning to follow “activity” measures. Examples include tracking new hires (77%) and promotions into management (52%) and top leadership (55%) ranks. These metrics can indicate what is happening currently within an organization so that action can be taken when situations are out of sync with strategic goals.

There is also growing interest—although in the early stages—in tracking participation in activities that can influence the achievement of DE&I goals, such as leadership and development programs to increase internal promotion rates or employee affinity groups that increase inclusion and belonging. Finally, some companies are giving thought to using more detailed or nuanced measurements (such as turnover, a traditional lagging measure) in ways that provides more insight, for example at the employee level or by job function.

All of this data is important for companies to understand their current state and progress on this journey. But when it comes to setting goals, many organizations are hesitating. Of those that track DE&I metrics, the survey shows just 46 percent set goals.

Is there value in “just” tracking? In working with our clients, we do see that gathering information can lead to a better view of possible next steps and thus has merit. While certain companies aren’t setting specific goals, we see them becoming more nuanced in their data collection and creating a more holistic view of the DE&I landscape. They are actively communicating externally on the subject (46 percent of all respondents in the annual report, 44 percent in the sustainability report, and 39 percent on the corporate website, among other channels) and with employees (52 percent). Survey responses also show that these organizations are planning even more communication in the future.

Finally, our survey shows that while the specifics of plan design vary considerably, 35 percent of responding companies have DE&I represented in some way in their annual executive incentive plans. Another 28 percent indicate they are likely or very likely to include it in the upcoming year.

The data are consistent with the general outlook we hear when talking with directors about DE&I. There’s an overall willingness to do the difficult things that can drive change, but that’s often counter-balanced with concerns about disrupting the organization, spending “too much” time on it, or detracting from very real and urgent financial imperatives.

Despite the difficulty inherent in some of these issues, it is telling that among survey respondents, the strategic importance of DE&I and its support of the company’s talent management and development plans weigh more heavily than external pressures. While progress may feel slow at times, strategically focused boards are committed to achieving a more diverse, equitable, and inclusive organization and unlocking the value that derives from such a workforce.

Beth Florin is a managing director at Pearl Meyer and leads the Survey and Employee Compensation practice. She has specialized experience in the design, development, and implementation of broad-based compensation programs and total remuneration compensation surveys.

NACD: Tools and resources to help guide you in unpredictable times.

Become a member today.

Generally Neglected Accounting Principles

This is an abbreviated version of a more thorough Directorship magazine Viewpoint article exclusively for NACD members. If you are an officer or director of a public, private, or nonprofit organization, you can become an NACD member to view the complete article and related resources.

Executive managers and board members could be forgiven for thinking that now that the International Financial Reporting Standards (IFRS) Foundation has entered the sustainability reporting space, the turbulence surrounding so-called environmental, social, and governance (ESG) disclosures will die down. After all, who could possibly be better than the foundation, the leading international administrator of financial accounting, to step in and quell the cacophony of competing frameworks for nonfinancial accounting?

Indeed, what has been missing the most in nonfinancial reporting for the past 20 years is precisely the kind of rigor and consistency that the IFRS standards possess. Along with the generally accepted accounting principles (GAAP) in the United States, the IFRS standards provide clear guidance for the preparation of financial statements around the world.

But everything the foundation intends to do—and ESG itself—falls well short of true sustainability accounting, thanks mainly to the disregard of core principles of the field. What will the core principles be in the foundation’s vision of sustainability accounting? Which of the competing schools of thought does it subscribe to, and is it the right one? Is it really time to pop the cork on all of this, or does the foundation’s arrival in the sustainability arena amount to a setback of some kind? Business leaders should brace themselves accordingly.

Sustainability Schools of Thought

Far from being a unified field, in the sustainability world there are at least two competing schools of thought. Depending on which ultimately prevails, the makeup of sustainability accounting could go in two very different directions in the coming years.

The first of the two is the sustainability accounting school, a doctrine that concerns itself with stakeholders of all walks and not just shareholders. This is the school most often associated with the Global Reporting Initiative. The challenge it sets out to address is how best to assess an organization’s inside-out impacts on vital resources of all kinds and the well-being of those who depend on them. In that regard, sustainability accounting is stakeholder-centric.

The second is the value creation school, most often associated with the International Integrated Reporting Council (IIRC) and the Sustainability Accounting Standards Board (SASB), which recently announced their merger to become the Value Reporting Foundation. The primary interest of the value creation school is how best to assess an organization’s ability to create value and then measure and report it—shareholder value, that is.

Embedded within the value creation school are two other underlying doctrines: risk management and impact accounting. Both of these sub-schools, which are associated with, for example, the Task Force on Climate-related Financial Disclosures and the Impact-Weighted Accounting Initiative at Harvard University, respectively, have long-term shareholder value creation at their heart. And contrary to the sustainability accounting school, the chief concern of the value creation school is the outside-in impacts of the world on an organization itself, and the effects they might have on its ability to create shareholder value.

It is the value creation school and its subsidiary doctrines where most of what passes for ESG issues lives. That makes ESG unabashedly shareholder-centric, though its frameworks occasionally include consideration of the impacts organizations have on non-shareholder stakeholders. Even then, it is only the effects such impacts might have on shareholder value that make them important or material in the value-creationist view.

To read the full article, see the July/August 2021 issue of Directorship magazine. Check out the full and previous issues of the magazine here.

Mark W. McElroy is the founding director of the Center for Sustainable Organizations.

NACD: Tools and resources to help guide you in unpredictable times.

Become a member today.