'THE DAILY CORPORATE GOVERNANCE REPORT' (for public company boards, the C-suite and GCs)

Please see the items below with the related links (NOTE: access to link content may be metered, require a no-charge registration or require a paid digital subscription):

(i) cybersecurity roundup: board oversight of cybersecurity, including 4 'smart questions boards should ask the CISO'/the most frequent reason for cybersecurity failures/beware the rise of AI-generated phishing scams targeting corporate executives:

(a) As noted in this Dec. 19 WSJ article, "Four Smart Questions for Boards Overseeing Cybersecurity":

"Corporate board members increasingly see cybersecurity as a top business risk. Yet a chasm between directors’ knowledge of cyber issues and information security officers’ deeper, technical understanding of the subject can impede strong oversight. While data shows that the number of directors with cyber experience has been growing, directors don’t necessarily need advanced cybersecurity backgrounds to hold management accountable about a company’s exposure."

The article continues with comments from Tom Glocer, independent lead director for Morgan Stanley and former CEO of Thomson Reuters, and then provides four questions experts advise that boards should ask their CISO:

"Tom Glocer, independent lead director for Morgan Stanley and co-founder of cybersecurity firm BlueVoyant, said board members should press the chief information security officer to explain issues they don’t understand. “Don’t feel stupid if you’re a nontechnical board member,” said Glocer, the former chief executive of Thomson Reuters. Here are four questions experts say directors should pose to CISOs......

These are the four questions:

-- Does leadership agree on the top cybersecurity risks?

-- What is the company culture related to cybersecurity?

-- What is the plan for communicating with regulators and shareholders about cyberattacks?

-- What would you do with more money?

Below is the discussion of the first two questions, inter alia quoting Jim Routh, former security chief of the health insurance company Aetna as well as MassMutual:

"Does leadership agree on the top cybersecurity risks?: Jim Routh, former security chief of the health insurance company Aetna as well as MassMutual, said board members must determine whether management agrees on the top cybersecurity risks and how to allocate resources to manage them. “If there’s not consensus, that’s a challenge,” Routh said, adding that board members should then ask additional questions. It is essential to recognize that the company’s top risks are going to get the most attention and funding compared with lower-tier risks, he said. “The board member really is just probing to see how the organization makes those difficult trade-off decisions and that’s no different than any other aspect” of business, he said. “That’s not unique to cybersecurity.”

"What is the company culture related to cybersecurity?: Directors should ask about how cybersecurity is promoted companywide, said Marzena Fuller, a former CISO who runs a firm that offers part-time CISO services. If the broader cybersecurity road map doesn’t seem to be connected to other parts of the business, cybersecurity isn’t getting sufficient support and is existing off on its own, she said. Similarly, Routh said it is important for businesses to share information about cybersecurity incidents widely within the company so that flaws are fixed and lessons are learned. “A stifling, suppressive leadership style for big companies can be a real negative attribute for resilience,” Routh said."

(b) As discussed in this Dec. 23 WSJ article, "Shun This Basic Cybersecurity Tactic and Become a Target for Hackers", most recent high-profile successful cyber hacks can be traced back to a lack of "multifactor authentication" (MFA):

"Many businesses jeopardize their financial and reputational health by going without one of the most basic cyber hygiene measures: multifactor authentication. Recent high-profile hacks at UnitedHealth Group, Microsoft and Australian insurance giant Medibank were traced to a lack of MFA, a security tactic that requires more than one identification method to log into an account.

“In today’s day and age, there’s no reason not to use some form of MFA,” said Tom Hyslip, assistant professor in the department of criminology at the University of South Florida who focuses on cybercrime and cybersecurity. “Even the minimum MFA is a thousand times more secure than just a username and password,” Hyslip said.....

"(C)ompanies that sidestep MFA risk incurring the high cost of cleaning up after a hack that exploits weak account protections, as well as repairing reputational damage that follows a breach, security professionals say. Here are five considerations for corporate security chiefs when rolling out MFA: ......"

(c) Below is from this FT article last Thursday, "AI-generated phishing scams target corporate executives", inter alia quoting eBay cyber crime security researcher Nadezda Demidova, and Sean Joyce, global cyber security lead at PwC:

"Corporate executives are being hit with an influx of hyper-personalised phishing scams generated by artificial intelligence bots, as the fast-developing technology makes advanced cyber crime easier. Leading companies such as British insurer Beazley and ecommerce group eBay have warned of the rise of fraudulent emails containing personal details probably obtained through AI analysis of online profiles. “This is getting worse and it’s getting very personal, and this is why we suspect AI is behind a lot of it,” said Beazley’s chief information security officer Kirsty Kelly. “We’re starting to see very targeted attacks that have scraped an immense amount of information about a person.”

"Cyber security experts said the increasing attacks come during a period of rapid advancement for AI technology, as tech companies race to create ever more sophisticated systems and launch popular products for consumers and businesses. AI bots can quickly ingest large quantities of data about the tone and style of a company or individual and replicate these features to craft a convincing scam. They can also scrape a victim’s online presence and social media activity to determine what topics they may be most likely to respond to — helping hackers generate bespoke phishing scams at scale. “The availability of generative AI tools lowers the entry threshold for advanced cyber crime,” said eBay cyber crime security researcher Nadezda Demidova. “We’ve witnessed a growth in the volume of all kinds of cyber attacks”, particularly in “polished and closely targeted” phishing scams, she added. Kip Meintzer, an executive at security company Check Point Software Technologies, told a recent investor conference that AI had given hackers “the ability to write a perfect phishing email”.

"More than 90 per cent of successful cyber attacks begin with a phishing email, according to the US Cybersecurity and Infrastructure Security Agency.....Researchers have warned that AI is particularly effective for crafting business email compromise scams — a specific type of malware-free phishing where fraudsters trick recipients into transferring funds or divulging confidential company information......AI is “being used to scan everything to see where there’s a vulnerability, whether that’s in code or in the human chain”, said Sean Joyce, global cyber security lead at PwC. Phishing scams generated using AI may also be more likely to bypass companies’ email filters and cyber security training. Basic filters, which generally block repeated bulk phishing campaigns, may struggle to track these scams if AI is used to rapidly generate thousands of reworded messages, said eBay’s Demidova."

With reference to the above FT article, note also this Fortune article last Thursday, "Cybersecurity leaders scramble to educate employees on generative AI threats."

(ii) latest data on audit fees: The latest data on audit fees and practices in this report released earlier this month by the research affiliate of Financial Executives International (FEI), the "15th Annual Audit Fee Survey & Insights Report" (for purchase only). Highlights from the report are described in the related FEI press release, "Audit Fees Surge as Inflationary Pressures Continue to Mount", as well as in this Dec. 17 Accounting Today blog post, "Average audit fees grew 6.41%.". Below is from the Accounting Today blog post:

"Overall average audit fees increased by 6.41% from 2022 to 2023, according to a new report. The annual report, released Tuesday by Financial Executives International's Financial Education & Research Foundation, found that the average audit fee increased to $3.01 million in 2023, up from $2.83 million in the previous cycle, reflecting a 6.41% rise based on a representative sample of public company filings. The report is based on surveys distributed to FEI members and interviews between August and October of this year. Representatives from 123 private companies and nonprofits and 50 public company members participated in the research.

"Some of the factors behind the increase include inflationary pressures, along with the increased amount of effort that auditors need to put into their jobs to meet evolving standards. Over half (57%) of member company respondents indicated they've been working harder to support their organization's 2023 audit, compared to the previous year. Changes to internal controls over financial reporting were cited as the most common contributor to the increase in company audit effort (43%), followed by 29% for various reasons, including changes to organizational structure, M&A, turnover in company or audit team staff, and restatement and/or internal control deficiencies.....

"Despite all the hype around the use of artificial intelligence, AI has been applied to fewer than 20% of public company audits and fewer than 3% of private company audits, according to the survey respondents. The use cases for AI still haven't evolved beyond other tools and techniques such as general ledger anomaly detection and financial statement tie-out....."

(iii) human capital management: RIP the annual performance review?: Below is from this Dec. 20 Fortune article, "The case against performance reviews: It’s time for bosses to throw out the ‘clunky’ annual critique", inter alia featuring the views on annual performance reviews of Dan Kaplan, senior CHRO client partner for consulting firm, Korn Ferry:

"Everyone hates performance reviews. The yearly evaluation forces workers to wait all year to discuss a promotion, or potential performance issue. And they’re not just anxiety-inducing for employees—managers dread them, too. Supervisors often suffer under the emotional burden of giving a poor review. And even when they’re giving positive feedback, they’re forced to recall and compile a year’s worth of their employees’ achievements and shortcomings in a short period of time.

"“No one really likes to rank themselves and write about their own successes and shortcomings. You’re doing it once a year, you’re trying to remember what you did, because this is your one chance to try and to get a bonus,” Dan Kaplan, senior CHRO client partner for Korn Ferry, a consulting firm, tells Fortune. “It’s a very clunky, cumbersome, time-consuming, uncomfortable process.”....“Most people hate [performance reviews] and most managers hate them,” Kaplan says. “It’s done that way because it’s always been done that way. But what many really good companies have been striving for is to drive continuous feedback.”.........

"The goal of the annual review is that employees are rewarded for their contributions throughout the year, and course-corrected if they’re not on the right path. But instead, these evaluations can serve as let-down: employees are surprised by negative feedback, or soft-fired by a manager who wants to get rid of them for any number of reasons. “If you’ve waited all year and your annual review is that you’re a terrible performer, shame on company management for letting you go all year and not know it,” Kaplan says. “That essentially is an indictment of leadership, that you have not communicated to a poor performer other than once a year. And for sure, the trust goes down.”

"A growing number of companies are replacing traditional evaluations with continuous manager feedback. In 2016, Accenture did away with the annual meeting and instead directed managers to give timely employee feedback after completed assignments. In 2022, Yahoo scrapped its biannual process in favor of supervisors habitually checking in on their direct reports. Lisa Moore, chief people officer at Yahoo, told Fortune earlier this month that the company decided to do away with “big emotive moments. And instead we’ve gone to continuous check-ins.”.......

"There are a few reasons why continuous feedback is becoming the new normal. For the many managers overseeing remote or hybrid teams, repeated check-ins can catch any potential issues that would be more apparent in office settings. Plus, the evaluation strategy is more flexible, which may be a better cultural fit for many employers operating on hybrid schedules. “With people being remote under COVID, it became that much more important for more regular discourse and feedback,” says Kaplan. “You have HR organizations that have become more respected and credible that are now saying, ‘We’ve always known that there’s a better way. Now let’s push it’”......."

On the same topic in abbreviated form, see the Dec. 27 Fortune Daily CHRO Newsletter, "Annual performance reviews are riddled with flaws—here’s how workplaces could reimagine employee evaluations."

(iv) press releases/precedent of the day (CEO offer of employment letter):

(a) Euronext Exchange-traded, French energy-management and automation group and Fortune Global 500 company, Schneider Electric SE, announced on Tuesday in this press release the appointment of, inter alia, a new Chief Sustainability Officer, as follows:

"Schneider Electric, the leader in the digital transformation of energy management and automation, is appointing Frédéric Godemel as Executive Vice-President for Energy Management, Chris Leong as Chief Sustainability Officer and Jing Ren as Executive Vice-President for Strategy, Brand and Communications, effective January 1, 2025.....

"Chris Leong’s new mission as Chief Sustainability Officer will be to advance the company’s sustainability commitments and goals, continuing to strengthen its leadership position in the field. Prior to this appointment, Chris has been Chief Marketing Officer for a decade, establishing a strong marketing practice and excellence in the industry......"

(b) Nasdaq-listed Liberty Media Corporation announced yesterday in this press release the appointment of a new CEO, being a current member of the company's board of directors since 2021, as follows:

"Liberty Media Corporation today announced that Derek Chang has been appointed President and Chief Executive Officer. Mr. Chang is a veteran executive across the global media, sports and entertainment industries. He has led operating, corporate development and investment teams at prominent companies during various stages of growth including EverPass Media, the NBA, DIRECTV, Scripps, Charter and TCI. Mr. Chang has been a director of Liberty Media since March 2021, providing a deep understanding of Liberty’s operating businesses and corporate history......

"Mr. Chang will start in his new role on February 1, 2025. John Malone, Chairman of Liberty Media, will serve as interim CEO until that time. Mr. Chang will join the Executive Committee of the Liberty Media Board....Most recently, Mr. Chang was the Executive Chairman of EverPass Media.....

In connection with this appointment, the new CEO and the company entered into this Offer of Employment Letter, as summarized in the related Current Report filed with the SEC.

(c) NYSE-listed Harley-Davidson, Inc. announced yesterday in this press release that the CFO would take on the additional role of President, Commercial, as follows:

"Harley-Davidson, Inc. today announced that Jonathan Root has been promoted to President, Commercial; Root will continue to serve as Chief Financial Officer at the Company. Following this change, Root's new title will be "Chief Financial Officer and President, Commercial." Root will assume his new responsibilities effective January 27, 2025, reporting to CEO Jochen Zeitz. In this expanded role, Root will assume oversight of global commercial operations while retaining his existing leadership of the finance organization.....Root was appointed as Harley-Davidson CFO in June 2023....."

-----------------------------------------------------

Please contact me if you would like to be on the distribution list and receive every issue of this newsletter directly in your inbox.
