An article that I stumbled upon a few weeks back has me wondering just that... Do boards of directors at financial institutions need a cybersecurity expert?
The article on Harvard Business Review is from a year ago, and it actually made the argument that banks should have a technology expert as a member or advisor, but only one year later, anyone not living in a cave would say that "technology" could, or should be replaced with cybersecurity.
The FFIEC even went into great detail in their November 2015 update of the IT Management Handbook, on how involved the board should be in cybersecurity. (more about that in my post here)
It may be time to consider adding cybersecurity experience to your board or even seeking an outside advisor...