Inexpert Supervision: Field Evidence on Boards' Oversight of Cybersecurity

Publication type:
Article; Early Access
Authors:
Lowry, Michelle R.; Vance, Anthony; Vance, Marshall D.
Affiliations:
Virginia Polytechnic Institute & State University; Virginia Polytechnic Institute & State University
Journal:
MANAGEMENT SCIENCE
ISSN/ISBN:
0025-1909
DOI:
10.1287/mnsc.2023.04147
Publication date:
2025
Keywords:
CORPORATE GOVERNANCE; Boards of directors; board oversight; risk oversight; cybersecurity risk; Agency theory; INSTITUTIONAL THEORY; expertise; qualitative field study
Abstract:
We conduct a field study of boards' emerging responsibility to oversee cybersecurity risk, a setting in which few directors have expertise. We find that, although nonexpert directors may genuinely seek to provide diligent oversight, without expertise their efforts lack substance and therefore are mostly symbolic, even when they perform the same oversight activities as expert directors. We also explore why boards do not prioritize the appointment of cybersecurity experts and show that nonexpert directors do not perceive that their efforts are symbolic and insufficient. In contrast, expert directors perceive keenly the deficiency of their nonexpert counterparts and argue for the need for more cybersecurity experts on boards, and this viewpoint is shared by cybersecurity executives and consultants who support the board. Thus, we contribute to our understanding of when boards are likely to provide substantive versus symbolic oversight and inform the debate on the merits of board-level cybersecurity expertise.