Inexpert Supervision: Field Evidence on Boards' Oversight of Cybersecurity.
Saved in:
| Authors: | Lowry, Michelle R.1 (AUTHOR) michellel@vt.edu, Vance, Anthony2 (AUTHOR) anthony@vance.name, Vance, Marshall D.1 (AUTHOR) mdvance@vt.edu |
|---|---|
| Source: | Management Science (INFORMS). Feb2026, Vol. 72 Issue 2, p783-804. 22p. |
| Subject Terms: | *Boards of directors, *Supervision, *Corporate directors, *Corporate governance, *Data protection, *Expertise, *Information assurance |
| Abstract: | We conduct a field study of boards' emerging responsibility to oversee cybersecurity risk, a setting in which few directors have expertise. We find that, although nonexpert directors may genuinely seek to provide diligent oversight, without expertise their efforts lack substance and therefore are mostly symbolic, even when they perform the same oversight activities as expert directors. We also explore why boards do not prioritize the appointment of cybersecurity experts and show that nonexpert directors do not perceive that their efforts are symbolic and insufficient. In contrast, expert directors perceive keenly the deficiency of their nonexpert counterparts and argue for the need for more cybersecurity experts on boards, and this viewpoint is shared by cybersecurity executives and consultants who support the board. Thus, we contribute to our understanding of when boards are likely to provide substantive versus symbolic oversight and inform the debate on the merits of board-level cybersecurity expertise. This paper was accepted by Ranjani Krishnan, accounting. Funding: This work was supported by a Security, Privacy, & Trust grant from the Pamplin College of Business and the Commonwealth Cyber Initiative of Virginia. Supplemental Material: The online appendix is available at https://doi.org/10.1287/mnsc.2023.04147. [ABSTRACT FROM AUTHOR] |
| Database: | Entrepreneurial Studies Source |
|
Full text is not displayed to guests.
Login for full access.
|
|
| FullText | Links: – Type: pdflink Text: Availability: 1 |
|---|---|
| Header | DbId: ent DbLabel: Entrepreneurial Studies Source An: 191433159 AccessLevel: 6 PubType: Academic Journal PubTypeId: academicJournal PreciseRelevancyScore: 0 |
| IllustrationInfo | |
| Items | – Name: Author Label: Authors Group: Au Data: <searchLink fieldCode="AR" term="%22Lowry%2C+Michelle+R%2E%22">Lowry, Michelle R.</searchLink><relatesTo>1</relatesTo> (AUTHOR)<i> michellel@vt.edu</i><br /><searchLink fieldCode="AR" term="%22Vance%2C+Anthony%22">Vance, Anthony</searchLink><relatesTo>2</relatesTo> (AUTHOR)<i> anthony@vance.name</i><br /><searchLink fieldCode="AR" term="%22Vance%2C+Marshall+D%2E%22">Vance, Marshall D.</searchLink><relatesTo>1</relatesTo> (AUTHOR)<i> mdvance@vt.edu</i> – Name: TitleSource Label: Source Group: Src Data: <searchLink fieldCode="JN" term="%22Management+Science+%28INFORMS%29%22">Management Science (INFORMS)</searchLink>. Feb2026, Vol. 72 Issue 2, p783-804. 22p. – Name: Subject Label: Subject Terms Group: Su Data: *<searchLink fieldCode="DE" term="%22Boards+of+directors%22">Boards of directors</searchLink><br />*<searchLink fieldCode="DE" term="%22Supervision%22">Supervision</searchLink><br />*<searchLink fieldCode="DE" term="%22Corporate+directors%22">Corporate directors</searchLink><br />*<searchLink fieldCode="DE" term="%22Corporate+governance%22">Corporate governance</searchLink><br />*<searchLink fieldCode="DE" term="%22Data+protection%22">Data protection</searchLink><br />*<searchLink fieldCode="DE" term="%22Expertise%22">Expertise</searchLink><br />*<searchLink fieldCode="DE" term="%22Information+assurance%22">Information assurance</searchLink> – Name: Abstract Label: Abstract Group: Ab Data: We conduct a field study of boards' emerging responsibility to oversee cybersecurity risk, a setting in which few directors have expertise. We find that, although nonexpert directors may genuinely seek to provide diligent oversight, without expertise their efforts lack substance and therefore are mostly symbolic, even when they perform the same oversight activities as expert directors. We also explore why boards do not prioritize the appointment of cybersecurity experts and show that nonexpert directors do not perceive that their efforts are symbolic and insufficient. In contrast, expert directors perceive keenly the deficiency of their nonexpert counterparts and argue for the need for more cybersecurity experts on boards, and this viewpoint is shared by cybersecurity executives and consultants who support the board. Thus, we contribute to our understanding of when boards are likely to provide substantive versus symbolic oversight and inform the debate on the merits of board-level cybersecurity expertise. This paper was accepted by Ranjani Krishnan, accounting. Funding: This work was supported by a Security, Privacy, & Trust grant from the Pamplin College of Business and the Commonwealth Cyber Initiative of Virginia. Supplemental Material: The online appendix is available at https://doi.org/10.1287/mnsc.2023.04147. [ABSTRACT FROM AUTHOR] |
| PLink | https://search.ebscohost.com/login.aspx?direct=true&site=eds-live&db=ent&AN=191433159 |
| RecordInfo | BibRecord: BibEntity: Identifiers: – Type: doi Value: 10.1287/mnsc.2023.04147 Languages: – Code: eng Text: English PhysicalDescription: Pagination: PageCount: 22 StartPage: 783 Subjects: – SubjectFull: Boards of directors Type: general – SubjectFull: Supervision Type: general – SubjectFull: Corporate directors Type: general – SubjectFull: Corporate governance Type: general – SubjectFull: Data protection Type: general – SubjectFull: Expertise Type: general – SubjectFull: Information assurance Type: general Titles: – TitleFull: Inexpert Supervision: Field Evidence on Boards' Oversight of Cybersecurity. Type: main BibRelationships: HasContributorRelationships: – PersonEntity: Name: NameFull: Lowry, Michelle R. – PersonEntity: Name: NameFull: Vance, Anthony – PersonEntity: Name: NameFull: Vance, Marshall D. IsPartOfRelationships: – BibEntity: Dates: – D: 01 M: 02 Text: Feb2026 Type: published Y: 2026 Identifiers: – Type: issn-print Value: 00251909 Numbering: – Type: volume Value: 72 – Type: issue Value: 2 Titles: – TitleFull: Management Science (INFORMS) Type: main |
| ResultId | 1 |