Mark A. Pfister on Boards and the Cybersecurity Challenge

Mark A. Pfister is Chief Executive Officer of Integral Board Group and the Chairman of the Board. He is also the CEO of M. A. Pfister Strategy Group, an executive management firm that serves as a strategic advisory council for executives and boards in the private, public and nonprofit sectors. He is a corporate Board Director, executive leadership advisor and technology consultant with focus in strategy, governance and technology/cybersecurity. Mr. Pfister is considered to be the inventor of the ‘Board as a Service’ (BaaS) engagement model, an industry he is credited with inventing, and frequently lectures on this topic. He also conducts speaking engagements, lectures, courses and seminars nationally focused on effective leadership, board strategy, professional project/program management and entrepreneurship. He is a certified Advanced Professional Director through The American College of Corporate Directors (ACCD), a member of the National Association of Corporate Directors (NACD), a certified Project Management Professional (PMP) through the Project Management Institute (PMI) and holds a Certified Cyber Intelligence Professional (CCIP) Board Certification through the McAfee Institute.

LIFARS: Tell us some background on yourself and how you got where you are today.

Mark: I have a background in science, technology and engineering which led me into industries that were typically searching for effective leadership. Additionally, a formal background in professional project management allowed me a unique view into the importance and discipline of strategy and governance – two areas I am extremely passionate about today. As my career progressed, I found myself focusing my skills in these areas with organizations ranging from startups to Fortune 50 companies. This eventually led to Board Directorship, Board Advising, executive coaching and consulting. I view these as perfect platforms to utilize my skillsets.

LIFARS: From your experience, could you share with us any common challenges Boards typically encounter?

Mark: I am assuming you want me to address the cybersecurity challenge! Yes, that is by far a common and challenging issue for most Boards. The name alone instills fear in many Board members. So much so that many companies have enhanced their Technology Committee to include cybersecurity – and have renamed the entire committee the Technology & Cybersecurity Committee. Unfortunately, many Boards do not currently have the required cybersecurity knowledge nor strategy to effectively combat this risk. Fortunately, this is changing as we speak. High-profile corporate data breaches and their subsequent shareholder value drop, finger-pointing, fines and litigation have truly forced this issue into the boardroom – and it hasn’t been pretty. Seeing as how the culture of a company starts with the Board, cybersecurity needs to be a dominant subject throughout all organizations.

LIFARS: Could you give us some insight on how a company Board should address cybersecurity risk?

Mark: I personally believe that cybersecurity should be the number one risk mitigation focus area for every Board of Directors. The Board needs to understand that the likelihood of a cybersecurity breach in their environment is imminent and should equally prioritize the ‘proactive’ as well as ‘reactive’ planning and response. The fiduciary responsibility of the Board, and its individual members, can be summarized as the Duty of Care and The Duty of Loyalty to the organizations they serve – cybersecurity is a fairly new and extremely fast-growing subcategory that directly rolls up into these important requirements. It demands a proportional focus and response. Putting further pressure on Boards to directly tackle cybersecurity threats, recent court cases have clearly set important precedents blaming loss due to a cyber breach on decisions of the board that were ill-advised or negligent, and attributing loss due to a cyber breach to the “failure of the Board to act” under circumstances in which proper attention would have prevented the loss. The possibility that these ‘claims’ can be made against the Board is not only forcing deeper discussions in the boardroom, but also enhancing strategy and governance in this space.

LIFARS: You mentioned that the topic of cybersecurity was thrust upon Boards due to high-profile breaches in the news. Do you have a prediction of what’s next for Boards in the cybersecurity space?

Mark: I believe the frequency and damage caused by cyber breaches are going to increase in the short-term. It’s unfortunate, but I truly believe this. This is going to put tremendous pressure on Boards to not only spend significant amounts of time in this area, but also allocate appropriate and increasing budgets to combat it successfully. Cybersecurity has not made a Board Director’s job easier, I can tell you that. The one solution that I feel is creating a sort of light at the end of the tunnel is in the space of A.I. With Artificial Intelligence and Machine Learning advancements, which have been significant in recent years and months, the potential to drastically skew the advantage in favor of corporations and away from hackers may now exist. Only time will tell, but I have a feeling the force is with us.

Check out Mark’s current national speaking tours:
           – ‘Building an Effective Board For Your Company
           – ‘The Strategy of Strategy’  (+ speaking video)

Connect with Mark on LinkedIn.