Support our nonpartisan, nonprofit research and insights which help leaders address societal challenges.
DonatePUBLICATION
If it hadn’t come to light on December 13, 2020—the day before the Electoral College met and when daily reported COVID-19 cases in the US reached an all-time high of 243,000—the SolarWinds attack would have received more sustained media attention. But the hack, which Microsoft’s President Brad Smith has described as “the largest and most sophisticated attack the world has ever seen,”1 has received sustained attention in corporate boardrooms. While it appears that about 100 companies were infiltrated, more than 18,000 companies uploaded a compromised update to SolarWinds’ Orion software. Three months later, companies are still assessing their potential exposure.
In addition to digging into the impact of the SolarWinds hack on the company itself, companies have an opportunity to use the attack as a catalyst to take a fresh look at their approach to cybersecurity. Here are six questions boards may want to ask:
This means that management—with outside resources, if needed—should ensure that the board is relatively fluent in cyber; and just as directors need to speak “tech,” it is critical that technology executives be able to speak in terms that resonate with a board. Directors and management also need to have a shared understanding of the board’s role in a cyber crisis. Often, the board’s best role is to stay closely informed, but to leave management of the crisis to management.
It’s not a question of whether your company will be subject to a cyberattack, but when, how, and by whom. Even the most sophisticated companies can’t answer those three questions with 100 percent assurance. But by asking the questions posed in this article, boards can help make sure that their companies are prepared for the inevitable.
This essay draws upon the expertise generously provided to The Conference Board by Latham & Watkins and Stroz Friedberg, an Aon Company.
[1] "SolarWinds Hack Was 'Largest and Most Sophisticated Attack' Ever: Microsoft President," Reuters, February 14, 2021.
[2] Paul Washington, Rebecca L. Ray, Solange Charas, and Amy Liu Abel, Brave New World: Creating Long-Term Value through Human Capital Management and Disclosure, The Conference Board, December 2020.
[3] Matteo Tonello, Corporate Board Practices in the Russell 3000 and S&P 500: 2020 Edition, The Conference Board, October 2020.
[4] Board Effectiveness: A Survey of the C-suite, PWC and The Conference Board, December 2020.
December 08, 2020 | Research Report
October 28, 2020 | Publication
October 22, 2020 | Governance Matters
October 01, 2020 | Research Report
Support our nonpartisan, nonprofit research and insights which help leaders address societal challenges.
Donate