Bob Zukis, CEO of the Digital Directors Network: On Cybersecurity in the Boardroom.
Description
0:00 -- Intro.
1:38 -- Start of interview.
2:06 -- Bob's "origin story". His professional career with PwC and management consulting globally.
4:31 -- On globalization, China and current geopolitical tensions.
6:14 -- His career post PwC. He led a venture-backed SaaS company and became an Adjunct Professor at USC.
7:28 -- About the Digital Directors Network, focused on digital and cybersecurity in the boardroom. "It's an educational/training, advocacy and advisory platform."
11:40 -- The value of digital and cybersecurity in the boardroom.
13:35 -- The background and scope of his book "Digital and Cybersecurity Governance Around the World."
15:38 -- The digital value business case for corporate boards.
17:43 -- Some of the digital and cyber governance leading practices. "It's usually around three areas: 1) Who's on the board, 2) how is the board structured around these issues, and 3) how does the board understand risk."
18:32 -- How to define a digitally savvy director. His "director framework" (8 domains). Reference to MIT research that found that "companies with digitally savvy boards had at least 34% higher performance on market cap growth, revenue growth, and ROA." Critical mass of three digitally savvy directors on one board.
21:42 -- Where to place cybersecurity in board committees. His recommendation: a separate technology and cybersecurity committee (cites examples of GM, WalMart, FedEx, Hasbro). He questions its placement in audit committees.
24:17 -- His thoughts on quotas for boards (on cybersecurity expertise). "Quota is such a dirty word [in governance circles] but they work and force the issue." "Gary Gensler was a senior advisor to Senator Paul Sarbanes, so the Statement on Proposal for Mandatory Cybersecurity Disclosures comes directly from his SOX days (he knows it works, it's a comply or explain provision)."
27:05 -- On international vs US boardroom cybersecurity practices. Skills, structure, scope.
30:06 -- On some of the techniques employed by hackers to infiltrate corporate systems.
32:16 -- On state and government level vs private corporate cybersecurity practices and collaboration.
33:59 -- Directors' oversight duties on cybersecurity and cyber insurance. "Our estimate is that only 9-10% of the economic exposure to cyber risk has been accepted or transferred to the cyber insurance risk industry [the company is on the hook for ~90% of the financial impact of this threat]." Individual liability of directors for cyber breaches (standard is high in the US). Del. Court Dismisses Cybersecurity-Related Oversight Claim Against SolarWinds Board.
38:19 -- Cybersecurity experts in the boardroom: "In US boards: 10-14%, it's inching up but it should be 100%" "For $315k per year [avg comp of S&P500 director] any corporate board can materially improve a critical control point in their cybersecurity system by putting a cyber expert on the board. It's a no-brainer, a slam dunk."
40:43 -- The "unfair" bias against CIOs and CISOs in the boardroom.