---
id: "action-hire-outside-consultants"
type: "action-item"
source_timestamps: ["§ What boards should do:"]
tags: ["board-composition", "external-advisors"]
related: ["concept-board-expertise-gap", "contrarian-recruiting-cyber-directors", "framework-board-cyber-engagement"]
action: "Retain outside cybersecurity consultants to advise the board and evaluate executive security briefings."
outcome: "Enhanced board-level cyber governance without the impossible burden of maintaining technical expertise."
speakers: ["Jeffrey Proudfoot", "Stuart Madnick"]
sources: ["governance"]
sourceVaultSlug: "hbr-seg-governance"
originDay: 7
articleStem: "hbr-cl-83-boards-cybersecurity"
sourceUrl: "https://hbr.org/2026/04/boards-are-falling-short-on-cybersecurity"
sourceTitle: "Boards Are Falling Short on Cybersecurity"
---
# Hire Outside Cyber Consultants for the Board

## Action

Retain **outside cybersecurity consultants** who advise the board directly and help evaluate executive security briefings.

## Detail

Recognizing that technically upskilling the board is a losing battle (see [[contrarian-recruiting-cyber-directors]] and [[concept-board-expertise-gap]]), boards should bring in outside cybersecurity consultants. These advisors **serve the board directly** — helping directors evaluate executive briefings and provide proper governance without needing to become subject-matter experts themselves. It fulfills step 4 of [[framework-board-cyber-engagement]].

## Expected outcome

Enhanced board-level cyber governance without the impossible burden of maintaining technical expertise.

## Counterpoint (enrichment)

Governance experts warn that *exclusive* reliance on outside consultants risks dependency and limits internal board learning; a hybrid model — ongoing director education plus expert support — may be more sustainable.
