---
id: "concept-board-expertise-gap"
type: "concept"
source_timestamps: ["§ The Lack of Cybersecurity Expertise"]
tags: ["board-composition", "skills-gap"]
related: ["contrarian-recruiting-cyber-directors", "action-evaluate-cyber-executives", "action-hire-outside-consultants", "framework-board-cyber-engagement"]
definition: "The severe deficiency of formal education, certification, and practical experience in cybersecurity among corporate board members."
sources: ["governance"]
sourceVaultSlug: "hbr-seg-governance"
originDay: 7
articleStem: "hbr-cl-83-boards-cybersecurity"
sourceUrl: "https://hbr.org/2026/04/boards-are-falling-short-on-cybersecurity"
sourceTitle: "Boards Are Falling Short on Cybersecurity"
---
# Board-Level Cybersecurity Expertise Gap

## Definition

The severe, quantifiable deficiency of formal education, certification, and practical experience in cybersecurity among corporate board members — including directors who sit on dedicated cybersecurity committees.

## Detail

There is a stark lack of formal cybersecurity knowledge on corporate boards. A cited study of **239 board members across 62 firms** revealed that:

- Only **1** director possessed formal cybersecurity education.
- Only **5** had completed relevant training or certifications.
- Merely **16** had practical cybersecurity experience.

This gap leaves boards ill-equipped to govern cyber risk and drives a common but flawed reflex — to simply *"add a cyber guy"* to the board rather than fixing the underlying governance approach. The lived experience of this futility is captured in [[quote-tech-moving-too-quickly]].

The authors' preferred correction is **not** technical recruitment (see [[contrarian-recruiting-cyber-directors]]) but stronger executive oversight: evaluating the cybersecurity leaders the organization already employs (see [[action-evaluate-cyber-executives]] and [[framework-board-cyber-engagement]]) and, where the board needs help interpreting briefings, retaining outside advisors (see [[action-hire-outside-consultants]]).

## Enrichment validation

The specific statistics align with the authors' own peer-reviewed research (Proudfoot et al., 2023) on cybersecurity expertise across board risk committees. The broader claim of a severe board-level cyber expertise gap is well supported in the corporate governance literature.


## Related across articles
- [[claim-boards-failing-governance]]
- [[framework-board-evolution-pyramid]]
