Mike PaulMike Paul

In 2023, I provided risk management and corporate governance advice to several Fortune 100 boards of directors. Reputation Doctor LLC provides CEO and board advisory services to leading corporations. We’ve been a leader in mitigating corporate governance risk for many years.

A prime example of a hemorrhaging crisis in corporate governance is global cybersecurity risk. In 2023, a client and leading corporation had all members of its board of directors fill out revised paperwork regarding cybersecurity as a requirement for updating its D&O insurance policy. As we all know, cybersecurity risk continues to grow exponentially each year.

One leading independent director on this corporate board for 10 years had checked all the boxes as an expert in the cybersecurity portion of the D&O insurance paperwork. I just happened to be at the board meeting after giving a presentation minutes before on risk management issues. I asked Tom—I changed his name for confidentiality reasons—why he felt so comfortable checking all the boxes under cybersecurity as an expert. He quickly said, “Don’t you remember that two-day cybersecurity conference we went to last year in Silicon Valley? I learned so much there!” I whispered in his ear that, in my professional opinion, being an expert meant a much deeper understanding of the cybersecurity field than two days as a conference participant. He quickly rushed to change his answers on the D&O insurance paperwork. Tom is also 82 years old. I mention this—with the risk of being called ageist—because I know Tom well and I knew he had little to no cybersecurity expertise and I also knew it would be crucial for the insurance company to have an accurate, truthful assessment of board expertise. I also know Tom isn’t alone when it comes to fudging expertise on D&O insurance or stretching the truth in critical committee meetings as well as in full board meetings.

This article is featured in O'Dwyer's Jan. '24 Crisis Communications & PR Buyer's Guide Magazine
(view PDF version)

According to Crowdstrike—a global leader in cybersecurity—as most organizations focus on managing remote and hybrid teams, operationalizing years of digital transformation and navigating a highly uncertain global economy, adversaries and threat actors have become much more sophisticated, relentless and damaging in their cyberattacks. This includes global, cloud-computer infrastructures and file-less cyberattacks on high-profile organizations with devastating consequences. As a result, there’s certainly no room for stretching the truth, lying or spinning about cybersecurity experience on corporate boards of directors. The same holds true for other critical issues faced by boards including: digital transformation; environment, sustainability and governance; diversity, equality and inclusion; financial resilience; executive compensation; navigating ever-changing regulatory requirements and many other important issues where critical ethics and values are needed by each director on 21st century boards.

The paradigm for global business has changed post-pandemic and, in my professional opinion, the paradigm and ethical requirements for public corporate boards have changed significantly as well. 21st-century corporate boards of directors are not your grandfather’s corporate board, because most global board issues have changed tremendously, for reasons including: yearly digital transformation, more dangerous global-threat actors (as well as the digital sophistication of today’s global cyber threats), growing DEI issues as global demographics shift each year, crucial global ESG issues affecting our planet and our global community, constantly evolving global regulatory issues in many countries on six continents worldwide, complex global financial resilience issues in every sector of our changing world (now at war), and staggering global executive compensation issues.

In the past decade alone, I’ve actively helped more than two dozen former public corporate board directors step down from their board positions due to the growing list of corporate governance issues listed above. After counseling them successfully, these powerful, mostly white men wanted to hatch a plan to step down before being asked to leave. They also wanted to secure their legacy in leadership. My advice to most of them was to look more closely at the world today and look at what the world is predicted to look like in the next 10 years. I then asked them to compare that data to the data of their own enterprises worldwide. As they stepped down, they saw their own goal must be to match the demographics of their enterprise’s shareholders and stakeholders, which many times was seeking to match the demographics of the nation or the world in which the enterprise resided, operated and served. Much of our strategy and implementation was done stealthily. However, several of them wanted to do more. Several of these courageous white men wanted to help groom their replacements on the board and many times those new board replacements were highly-qualified women—including women of color—as well as many new and highly qualified men of color. It’s important to also point out that all of these new—what many are now calling Next Gen—independent directors have been waiting for many seats on public corporate boards to open up to have their opportunities to add great value to corporate boards. In fact, many public corporate directors of color believe they have to be twice as good just to be nominated to join a public corporate board.

Why the change in the powerful white men I counseled? You see, these retiring and powerful board directors learned through humility and by studying important data and analytics that the world around them was changing quickly and they now wanted to be a part of something important for the future. They’ve witnessed concrete, personal examples of how the U.S. population has changed. They know that major cities began experiencing tipping-point change in the mid-’90s. (New York, for example, changed from being a white-majority population to a people-of-color majority population for the first time in history.) That was almost 30 years ago! Today, New York is comprised of almost three-fourths people of color. This requires new leadership to handle complex issues in our changing world. (By the way, this is also why calling people of color “minorities” in many cities today is no longer accurate.)

How is this relevant to the best practices approach for public corporate boards of directors? Well, I think it should be obvious, but let me explain. The goal of any enterprise is to seek to represent the demographics of which it resides, operates and serves. That includes shareholders and stakeholders—including employees, customers, partner organizations and suppliers—within an enterprise’s footprint worldwide. This includes gender, race, culture, disabilities and more in the breakdown of data. And this data is to be shared transparently with accountability for all to see. Sadly, many are still not doing so today. This is the best-practices approach to understanding what an enterprise is versus simply its logo, buildings, slogans, mottos or mission statement. A brand is truly a combination of all of the positives above, and its people—including its employees and all of its shareholders and stakeholders—are the most vital part. People are the heart, mind and soul of any brand. This is why DEI and ESG goals, data and mission are crucial. Oh, you can call them something else, but their essence and truth and importance in the coming years won’t subside. DEI and ESG aren’t about politics unless we allow politics to “trump” logic, science, truth, love and more, including our shareholders and stakeholders. By the way, this also includes our children and grandchildren, as well as other important values we’re supposed to learn from and cherish at home and at work.

Again, how is this relevant to public corporate boards of directors? Well, when it comes down to it, public corporate boards have a long history of being highly exclusionary elite clubs of mainly white men. Sad, but true. So exclusionary, in fact, they left many out of the boardroom on purpose for generations. As a result, most public corporate boards are highly incomplete and they certainly don’t ask all the right board questions to best help the enterprise compete, grow and flourish.

In the past, for example, I counseled a board of directors regarding risk management and corporate governance issues for a major corporation that made mostly products for women. Their board of directors for most of the company’s existence—generations—was made up of all white men. We had to quickly find the customer data to factually prove that not having women—including having women of color—on their board and in key leadership and staff positions worldwide was hurting the enterprise in many ways, and the color green—money—was waiting to be tapped with many more stakeholders and shareholders. Keeping people out isn’t only clear prejudice but also unwise for a business enterprise.

McKinsey did a DEI study almost 10 years ago, and the critical results are even more valid today: Enterprises that seek to match the accurate and true demographics for which the enterprise resides, operates and serves—including all of its shareholders and stakeholders—on average make a third more in profits than those that don’t. The study also, in my opinion, provided another fact: Those enterprises that don’t embrace the McKinsey study’s findings struggle with change, including moving away from prejudice and racism. Why? Making more money should encourage every board and c-suite in the world to passionately embrace DEI goals from intern through board member, especially with the pressure for growth in sales on a quarterly basis by all.

In conclusion, public corporate boards seek to mitigate risk for the entire enterprise. In doing so, hopefully, boards would avoid doing anything negative that might result in a viral headline (or worse, result in a board director or several canceled publicly). Let’s hope 2024 brings much better risk management and overall governance for corporate boards themselves, including a best practices approach to board succession planning and board refreshment. Why? Because public corporate boards of directors could face much more litigation and risk management governance issues in 2024. All 21st century public corporate boards should lean on core values, courage and ethics as opposed to faking it or fudging it along the way.


Mike Paul is CEO of Reputation Doctor, a leading, award-winning CEO and board advisory firm specializing in crisis communications, risk management and litigation communications. ReputationDoctor.com