Governance Watch - Issue 8

By Dina Medland in London

Cybersecurity and Diversity

UK plc boardrooms have displayed a tendency to treat the issue of cyber security a bit like a bad smell – ignore it and hope that it goes away quickly. But the unprecedented worldwide cyberattack last weekend that spanned 150 nations and infected over 200,000 computers has quickly made ‘ransomware’ an everyday word, and highlighted the need for cyber security to be at the top of every boardroom’s agenda.

The attack used ‘Wanna Cry’, a virus that exploits a flaw in Windows operating systems that don’t have the most recent update. In the UK the headlines were all about the NHS, which was hard hit, swiftly making it a political issue.

But its implications are enormous for business. Ransomware is a type of malware which, when downloaded, encrypts the victim’s files, demanding a ransom to be paid. Payment is demanded through the anonymous digital currency Bitcoin before the user affected can access their files again.

As I wrote on my blog Board Talk, even the providers of cyber risk solutions are beginning publicly to point accusatory fingers at boardrooms to take responsibility to protect their business and its stakeholders.

But how are they going to do that, without making a serious effort at diversity? I mean that word in its true sense: variety of background, experience and ability. It is, surely, unlikely that a predominantly white group of men aged over 57 (the average profile for a non-executive director in Europe) will have any clue how to respond to this challenge.


Barclays Bank plc keeps hitting the headlines around corporate governance in unfortunate ways. The new emphasis placed by the regulator on the importance of the rights of whistle blowers in the financial services industry was thrown into the spotlight when it emerged recently that Jes Staley, the Barclays CEO, was being investigated for trying to unmask a whistle blower.

Governance & Compliance, the magazine produced by ICSA: The Governance Institute, offers three opinions (one of which is mine).

But after the pieces for ICSA had been written, there were further events to keep the bank in the news. Barclays launched a ‘national digital safety drive’, taking the lead among UK banks to be seen as a public champion of cyber security and the individual.

That was swiftly followed by revelations in the Financial Times that Mr Staley had himself been taken in by an e-mail from a ‘prankster’, sent after a gruelling shareholders’ meeting and purporting to be from Barclays chairman John McFarlane. I covered all those stories, including the last one, on Forbes.

Taken together, all three stories add up to two words: ‘credibility’ and ‘reputation.’

Food for thought: At a public event in London on May 10th on ‘systemic risk and corporate governance’, Paul Druckman, chair of the Corporate Reporting Council for the Financial Reporting Council (FRC), talked about ‘trust’. He used a slide from the Edelman trust barometer that places the UK at an all-time low for CEO credibility.

[Image: FRC Edelman trust barometer slide]


Photo source: Dina Medland at Purpose of Corporation event, Cass Business School London May 10, 2017
