All companies and boards across the globe are dealing with cyber risk. So, how does board oversight differ between countries? How are global boards ensuring that their directors are up to speed on complex cybersecurity risks?
In this special European edition of Inside America’s Boardrooms, we film from Diligent’s Director Experience, an international gathering of board members that recently took place in Lake Como, Italy. Host TK Kerstetter welcomes Sir Peter Bonfield, chairman of the Netherlands-based NXP, the world’s fifth-largest semiconductor company, and chairman of Global Logic, Inc., a software company based in Silicon Valley. He is also a director for TSMC in Taiwan.
In this episode, Bonfield explains the obvious impact of the General Data Protection Regulation (GDPR) on European boards, but also its impact on any global company that processes or controls EU citizen data. Contrary to trends in the U.S., Bonfield also explains that European boards are less likely to create separate committees for overseeing cyber risk.
…on all of the [boards] that I’m involved with now, the Audit committee – at every available opportunity – will discuss the impact and what the company is doing to protect the data…. [This oversight] is to basically make sure that nobody in the company is complacent. If you’re not paranoid about this, then you’re not paying attention. From the top down, the board has got to put that message into the company.
On other aspects of oversight, Bonfield and Kerstetter compare notes between U.S. and European boards. What are the key differences when it comes to cyber risk? What is Bonfield’s advice for all boards as they determine which oversight structure is right for them?