As for the "enterprise" level discussion, perhaps it's better if they keep it between themselves?
If your security measures rely on keeping them secret, they aren't good security measures.
They shouldn't rely on secrecy, but should be discussed on a need-to-know basis between service providers, or between customers and providers. I think that's common sense. Anyhow, it wouldn't hurt to have the board. Everyone can decide if and how much they would be sharing there.
what you just said is that you rely on secrecy, a completely open and transparent security solution allows for open source collaboration on fixing any holes, regardless of the sensitivity of your situation.
There are more whitehats on here than blackhats, and those whitehats are generally better at their job, too.