LOS ANGELES -- The board of directors at construction and engineering company Parsons Corp. needed to fill a seat two years ago.
Naturally, they wanted someone with communication and leadership skills. They also needed someone new: an expert to help them battle computer hackers, cyberthieves, electronic spies, digital vandals and anybody else out to wreak havoc in a connected world.
The privately held firm's latest board member is Suzanne Vautrinot, a retired Air Force major general who helped create the Department of Defense's U.S. Cyber Command and led the Air Force's information technology and online battle group.
Parsons, based outside Los Angeles in Pasadena, is at the forefront of a fast-expanding trend in corporate governance: the elevation of cybersecurity experts to the boardroom, a perch traditionally occupied by former chief executive officers and specialists in marketing and finance.
In recent months, AIG, Blackberry, CMS Energy, General Motors and Wells Fargo have added a board member with computer-security knowledge. Delta Air Lines and Ecolab did the same in recent years.
Cyberattacks on large companies rose 44 percent last year from 2013. Cybercrime costs businesses more than $400 billion a year, according to Lloyd's of London.
Boards are responsible for advising chief executives on setting goals and plans to achieve them. Not adequately addressing a cybersecurity risk could prove costly -- in money, reputation, legal bills, lost time and lost customers.
Target Corp. has spent $256 million cleaning up a mess created by hackers who breached its payment systems two years ago. The damage led to a change of chief executives and scared away many customers for several months. Government investigations and several lawsuits from affected customers and business partners are ongoing.
In other cases, cyberthieves steal sensitive corporate data, which could cause the company's competitive advantage to slip and its reputation to wane.
Data show that corporate boards have a long way to go. Just 11 percent of public-company boards queried this year reported a high-level understanding of cybersecurity, the National Association of Corporate Directors said. A review by the New York Stock Exchange and security firm Veracode found that two-thirds of board members questioned think their companies are ill-prepared for a cyberattack. Yet consulting firm PricewaterhouseCoopers reports that 30 percent of boards surveyed never talk about cybersecurity at all.
"There's some liability in not taking every measure you can to protect your clients, to protect your revenue stream," said Gary Matus, managing director at the executive recruiting agency RSR Partners. "To give people confidence, you have to be getting the best advice you can."
To Parsons Chief Executive Charles Harrington, having a cyber pro on the board was a no-brainer. The nature of Parsons' business demanded it. Along with classified government work, Parsons builds bridges, utility plants and military bases. Harrington realized that those projects' IT networks needed protection. Computer viruses were spreading that could destroy the infrastructure Parsons assembled. So he has been preparing his company for what he calls the age of "electronic battlefields."
He bought two cybersecurity companies. Pairing them with Parsons' engineers and scientists, they aimed to "bake" in security rather than "bolting" it on after.
Harrington knew the direction was right, but needed someone with a new perspective to help him strategize and communicate that strategy to the board. He tapped Vautrinot, whom he calls a "rare individual with the deep technical set and the communication skills needed to gravitate to a board." And she's "not afraid to dig in and get her hands dirty."
In February, Vautrinot joined Wells Fargo, which is heavily investing other cost-savings into information security. She's also on the boards of Ecolab and Symantec.
Demand for board members such as Vautrinot is increasing, board recruiters said.
There's a big problem with the whole trend, though: a shortage of cyber-qualified board candidates.
John Pironti, a risk and security adviser for the professional group ISACA, which concerns itself with global IT practices, is urging his members to ask for more responsibilities during this "big hump of sensitivity" so they'll be primed for larger advisory roles in the future -- including on boards of directors.
Harrington is open to that idea. Three years ago, Parsons' board decided to allow employees to join boards of other companies, though it hasn't yet fielded any requests.
"Depending on how critical their IT network is to them, absolutely, having someone on the board can shift the dialogue," Harrington said of other companies. "Cyber finds a way onto our agendas one way or another."
Business on 08/27/2015