An Interview with Digital Directors Network Founder Bob Zukis

An Interview with Digital Directors Network Founder Bob Zukis

This interview is part of our Cybersecurity Insights Series, where we tap our partners and industry experts for the latest trends, thoughts, and predictions for cybersecurity and beyond.

At a time when major cyberattacks are filling the headlines and companies are becoming more and more aware of the rapidly evolving cyberthreats out there, it has never been more important for company leaders to address this issue directly. Bob Zukis is the founder and CEO of a company that does just that – Digital Directors Network exists to help members of the C-suite orient their governance and operations around managing and mitigating risk, particularly when it comes to cybersecurity. 

Bob was kind enough to take a few minutes out of his busy schedule to chat with me about the creation of cyber-aware company cultures, the trends he sees in the corporate management of cyber risk, and why a focus on cybersecurity is so vital in the boardroom.  

Zack Schuler: What was the genesis of Digital Director’s Network? (In other words, why did you “found” it?)

Bob Zukis: To solve the digital and cybersecurity leadership crisis in corporate boardrooms. The vast majority of corporate boards don’t have the capabilities to govern these issues, and the boardroom is a critical part of every company’s cybersecurity system. We like to say cyber success starts in the boardroom, and so does cyber failure. 

ZS: What is the most challenging aspect of your job in a post-COVID world?

BZ: COVID has helped to expose boardroom digital and cybersecurity weakness, so that aspect of what we’ve all been going through has actually helped to advance the issue. I think our biggest challenge, like many, is making sense out of all the impacts of COVID to understand what’s a temporary shock to a market or an issue as opposed to a permanent shift. We’re anticipating some very powerful shifts, and this is actually part of what we’re trying to get the boardroom to understand as well. 

ZS: What makes your network different from others that cater to CISOs, and the C-suite in general?

BZ: We’re a learning network. We help CISOs get better at working with their own boards – no one else is doing that and we identified this need early on. And we also help them on their boardroom journey to become corporate directors. We think boards need thousands of new directors with skills and capabilities on cybersecurity and risk, and we want to be the primary source of supply. Probably most importantly, we’re advancing their ability to understand systemic risk and how it interacts with cyber risk. All of the hacks we’re seeing are exploiting systemic weakness, and we’re advancing technology leaders and corporate directors’ ability to understand this new dimension of risk as a core part of DDN. Finally, we don’t charge our members dues, but we are a curated network. Our members are the leaders who are working at the senior levels of business to solve these problems. 

ZS: What do companies need to understand about the importance of creating cyber-aware cultures?

BZ: That it starts at the top, in the boardroom. And that effective cybersecurity is a system with a lot of component parts that have to work together effectively, which involves culture and having an entire organization that is a part of the system. Hackers are great at exploiting that one systemic weak point, whether it’s an employee or a single device. The cybersecurity system is what’s important, and that means every part is as well, including the boardroom.  

ZS: What is the economic impact of cyberattacks on companies?

BZ: Most companies and boards don’t realize they are largely self-insured for cyber risk. The cyber insurance industry has been growing rapidly, but they’ve only insured a fraction of cyber risk – less than 10 percent in our calculations. That means companies need to translate cyber risk into economic concepts and manage it like any other financial risk. Just talking about risk metrics is only half of the equation – boards and companies need to know how much potential economic loss is at stake. That’s the next threshold of this issue, and we’re working with some partners and clients to do just that. 

ZS: Have you ever been hacked?

BZ: As a company, no – as an individual, yes. My information has been compromised through breaches in other companies. Good cyber hygiene from top to bottom is the best system of defense, which is what we practice. That includes the basics such as cyber awareness and building a cyber resilient culture. This is where NINJIO comes in – our partnership brings this content to the boardroom, which helps corporate directors set the right cyber tone at the top.    

ZS: What is your favorite part of teaching at the USC Marshall School of Business? Do you think students understand the implications of living in this digital, always-on, highly connected world?

BZ: Definitely seeing the students apply what they’ve learned. Students are a lot more informed than I was at their age, given they are growing up in the digital information age. And they are definitely digitally savvy, but the same can’t be said for the generation that currently occupies the corporate boardroom. That’s the natural state of things, though, and why we need to focus on this issue at the highest levels of leadership. I’m not convinced students understand the digital risks and consequences of their online actions, although some certainly do – and they can all be taught.  

ZS: If you had one prediction about the evolution of cybersecurity in the next five years, what would it be?

BZ: I think we’ll see massive board transformation around this issue, which will drive corporate transformation in cybersecurity. It won’t happen until leadership at that level drives it, which is what we saw with Sarbanes-Oxley and financial reporting. I think a piece of legislation – S. 808, The Cybersecurity Disclosure Act of 2021 – will pass into law (it’s been proposed for the fourth straight Congress) and have the biggest impact on cybersecurity. This simple law will force public company boards to add cybersecurity experts and expertise to the boardroom, this will then start a renewed management focus and approach to cybersecurity as a material business risk.