---
id: "contrarian-recruiting-cyber-directors"
type: "contrarian-insight"
source_timestamps: ["§ What boards should do:"]
tags: ["board-composition", "contrarian"]
related: ["concept-board-expertise-gap", "quote-tech-moving-too-quickly", "action-hire-outside-consultants", "framework-board-cyber-engagement"]
challenges: "The conventional strategy of adding one or two technical cybersecurity experts to a corporate board to solve governance gaps."
sources: ["governance"]
sourceVaultSlug: "hbr-seg-governance"
originDay: 7
articleStem: "hbr-cl-83-boards-cybersecurity"
sourceUrl: "https://hbr.org/2026/04/boards-are-falling-short-on-cybersecurity"
sourceTitle: "Boards Are Falling Short on Cybersecurity"
---
# Contrarian: Recruiting Technical Cyber Directors Is the Wrong Use of Time

## Challenges

> The conventional strategy of adding one or two technical cybersecurity experts to a corporate board to solve governance gaps.

## The contrarian argument

Conventional wisdom says that because boards lack cyber expertise (see [[concept-board-expertise-gap]]), they should recruit "cyber-savvy" directors or technologists. The authors argue this is a **waste of time and effort**. Because the technology landscape — especially AI — moves so rapidly, a technical director's knowledge quickly becomes outdated. The lived reality is voiced in [[quote-tech-moving-too-quickly]]: even a self-described "tech and cyber guy" living in Silicon Valley has a hard time keeping up.

Instead, boards should rely on their **general executive experience** to oversee and evaluate the organization's full-time cybersecurity leaders ([[framework-board-cyber-engagement]]) and, where they need interpretive help, [[action-hire-outside-consultants]] rather than becoming subject-matter experts themselves.

## Enrichment: counterpoint

**Supported side:** Governance research and the SEC's 2023 cyber disclosure rules emphasize oversight quality, culture, and executive challenge over cutting-edge technical expertise on the board itself.

**Counterpoint:** Many governance advisors (e.g., Spencer Stuart, NACD) *do* recommend adding at least one director with digital/cyber expertise to sharpen challenge to management and strategic understanding of technology. Calling such recruitment "a waste of time" **overstates the consensus**. A balanced view: modest board education, periodic external briefings, and *selective* recruitment of digitally literate directors — a hybrid model — may be more sustainable than either pure upskilling or pure outsourcing.
