The National Association of Corporate Directors (NACD), the authority on boardroom practices representing more than 20,000 board members, today announced that Christopher R. Hetner, managing director of cyber-risk security consulting at Marsh, will serve as NACD’s new special advisor for cyber risk. As special advisor, Hetner will deliver expertise to NACD related to cyber-risk oversight and preparedness. Hetner recently left the U.S. Securities and Exchange Commission to join Marsh, a global leader in insurance broking and innovative risk-management solutions.
Hetner was most recently senior advisor for cybersecurity policy to Chair Jay Clayton at the SEC. Prior to that, Hetner served as senior advisor for cybersecurity policy to former chair Mary Jo White and former acting chair Michael Piwowar. Hetner helped establish the position in 2016 to better coordinate cybersecurity policy efforts across federal financial regulators, enhance the SEC’s ability to assess cyber threat-related market risks, and improve the SEC’s cybersecurity posture. Hetner also served as the cybersecurity leader for the Technology Control Program in the SEC’s Office of Compliance Inspections and Examinations.
Hetner will be joining NACD’s Board Advisory Services faculty, providing in-boardroom, hands-on training to boards on improving cyber resilience and cyber-risk oversight and management. He will provide key insights to help inform NACD’s overall content development in the area of cybersecurity, and he’ll bolster NACD thought leadership on cyber preparedness and cyber-risk mitigation. He’ll also help facilitate NACD’s engagement with Capitol Hill and regulatory agencies on cyber matters.
The 2018–2019 NACD Public Company Governance Survey of more than 500 public company directors revealed that 42 percent of directors foresee cybersecurity threats as having the greatest effect on their company over the next 12 months. At the same time, the vast majority of directors (81%) believe that their boards’ understanding of cyber risks has improved over the last two years, perhaps because 50 percent of directors indicated that cyber-risk reporting from management is of much higher quality than it was two years ago. More than half of directors (52%) are confident that they sufficiently understand cyber risks to provide effective cyber-risk oversight.
Prior to joining the SEC, Hetner spent 20 years in a variety of senior cybersecurity and technology-risk management roles in the private sector. Most recently, Hetner led Ernst and Young’s Wealth and Asset Management Cybersecurity practice, served as global chief information security officer at GE Capital, and led global information-security programs as senior vice president in Citigroup’s Institutional Client Group.
Hetner holds industry-leading certifications including the CISSP (Certified Information Systems Security Professional), the NSA INFOSEC Assessment Certification, and the CISM (Certified Information Security Manager).