Boards Are Falling Short on Cybersecurity

Harvard Business Review (Apr 2, 2026) by Jeffrey Proudfoot of Bentley University and Stuart Madnick of MIT Sloan identifies three root failures behind slow board progress on cyber: shortage of director cybersecurity expertise, AI conversations that ignore security, and compliance mistaken for security. Their fix is to concentrate cyber responsibility on selecting and overseeing the right cyber executives rather than recruiting more cyber directors, treat AI as both opportunity and risk, and reframe cyber as operational resilience. Useful for SEA mid-market boards that staff cyber via a single audit-committee briefing once a year.