Skip links

What does our board need to know about cybersecurity?

CYBERSECURITY is a threat to your club. The club manager in a Nebraska club faced the unhappy task of calling his members to tell them that their personal information has been hacked from the club’s records. The members’ reactions were predictably along the lines of “How could you let this happen?”

In fact, the hackers were a Chinese group intent upon collecting private information for criminal purposes. Other than having failed to upgrade the security setting on the club’s software system for three seasons, the club and its manager had not done anything “wrong.” (The software security upgrades were $600 per year.)

Information protection, privacy and cybersecurity are threats in many clubs. Cybersecurity is the protection of internet-connected systems, including hardware, software and data, from cyberattacks. In a computing context, security comprises cybersecurity and physical security—both are used to protect against unauthorized access to data centers and other computerized systems. The club was inattentive to the threat.

Joseph Saracino, a former U.S. Navy Intelligence Officer, knows cybersecurity inside and out. He notes that protection of data is not only important for each and every member; it is important for the reputation of the club as well.

Since the 2018 hack of the PGA of America servers that may have compromised promotional materials for the 2018 PGA Championship and the subsequent 2018 Ryder Cup, Saracino’s team at Cino Ltd., has been busy in clubs across the country.

He recommends that every club take three mission-critical steps:

  1. Make cybersecurity an everyday job;
  2. Execute a vulnerability assessment along with a penetration test every year; and
  3. Form a Cybersecurity Committee in your club.

Cybersecurity, Saracino emphasizes, is an all-the-time proposition. The Cybersecurity Committee should address cybersecurity issues, discuss cyber policies specific to each club’s environment, and execute a plan of action that can be articulated to staff and club members.

In a March 2018 article, Forbes described the issue of cybersecurity on a broader scale:

“To help explain why security knowledge is so important, let’s first establish the baseline of how daily life operates for most of us. There aren’t many careers left that aren’t based on technology,” says Matt McCormack, Chief Security Officer at Virtustream.

“Teachers in classrooms are using SMART boards. Someone who comes to your home to do contract work will whip out a smartphone or tablet and add information to an app on the spot. The mistakes that cause the most damage at companies are security-related—something as small as clicking attachments in emails without knowing if they are safe.”

Of course, security concerns don’t stay at work. “Nowadays, you’re not just worried about the security of your company, but also your own security and what you put out on your social networks,” McCormack continues. “When I worked for the government, we constantly advised people on what they could and couldn’t do—even outside of work—when it came to social media.”

Accenture, the worldwide consulting firm, advises leaders to ask four important questions about cybersecurity:

  1. Do you understand what is at stake? CEOs and boards are ramping up their engagement in cybersecurity—to a point where they are assuming accountability for the cyber risks facing the company.
  2. Do you put cybersecurity first? An Accenture client survey found that 83% have completely embedded cybersecurity into their culture.
  3. How much is the right amount of funding? Funding means getting the basics right and using innovation to improve cybersecurity and data protection.
  4. Are you measuring your cybersecurity efforts for business resilience? A security-first culture will constantly monitor and measure the most business-relevant elements to help the business embrace disruption safely, according to Accenture.

Saracino summarizes the matter of cybersecurity saying, “Most know we have referred to the ‘Cyber Battlefield’ for some time. Well, that battle continues to rage, and we are all in it.”

Henry DeLozier is a principal at Global Golf Advisors, an international club management consulting firm that provides specialized services to more than 3,000 clients from offices in Toronto, Phoenix and Dublin (IR). He can be reached at [email protected] or visit