Lack Of Tech Expertise At Board Level Puts Strategy At Risk

Uploaded on 2019-02-25 in NEWS-News Analysis, FREE TO VIEW, TECHNOLOGY--Resilience

Boards lack the technological expertise to fully understand the challenges and opportunities that data and technology present to their organisations according to a recent poll by ICSA: The Governance Institute and recruitment specialist The Core Partnership.

The poll of governance professionals, which was first published in December 2018, found that just 51% of boards understand the challenges and opportunities that data and technology present to their organisations.

Some 29% of the company secretaries who took part in the poll think that their boards do not fully understand and a further 20% could only attest to ‘maybe’.

This lack of knowledge is a concern as it creates a barrier that prevents boards from engaging properly with technology at a strategic level, with some 58% of respondents considering lack of knowledge to be the main obstacle.

While 22% of respondents allude to another reason, 16% cite language as an impediment and 4% blame the onboarding process, 58% is a worryingly high number given the fact that the digital age has been upon us for a considerable time now.

Technology and data are big news and all types of organisations are increasingly required to keep up with the latest developments so it seems logical that boards should consider both technology and data when looking at strategy.

The results of the poll seem to point to greater understanding of data than technology with one respondent stating that ‘Challenges arising from data management are more readily understood (e.g. the impact of poor data quality), but the real opportunities available to the organisation through the effective use of data are less well considered – especially through the lens of commercial strategy.’

When asked if there were particular areas in which boards needed to improve their knowledge, AI and automation was chosen as the main area of concern, with 25% of respondents selecting this option.

This was chosen above all of the other options: using data effectively (creating value), 16%, GDPR (3%), cyber security (15%) and IT governance (9%), although 22% of respondents stated that boards need to improve their understanding in all of the areas mentioned.

Pace of Change

With new technology emerging quicker now than at any other time during the last 40 years, the speed at which technology is evolving is giving boards cause for concern.

Even if boards do receive presentations about technology, the opportunities move rapidly and it is hard to ensure that a board which meets just a few times a year has its finger fully on the pulse in terms of opportunities that might exist.

As one respondent says ‘The speed at which technological advances are at pace means key aspects of the technology journey may not be provided in a timely manner.’ Another respondent affirms that ‘Technology updates are provided but given the quarterly cycle of meetings there’s no guarantee that up-to-date information is cascaded to the board’.

It can also be hard to find time in busy agendas to focus on the technology aspects. While there has been a focus on GDPR and cyber security in recent years, the focus has been on risks rather than opportunities.

Having a good understanding of GDPR requirements and the risk of cyber-attack is a good thing, but boards also need to consider more strategic elements, such as AI/automation and digitisation.

Having vision is about conceptualising possibilities and strategy should focus as much on opportunities as risks. Boards can ill afford to ignore the former as opportunities are what will drive an organisation forward.

The lack of focus on strategic opportunities could be down to the fact that most boards are made up of people who are of a generation that do not really understand the possibilities and threats offered by technology.

While the pace of change can be challenging for all boards, it is particularly so for those predominantly made up of people who are not digital natives.

On top of this, changes in corporate governance, data privacy requirements and regulation mean that it can be difficult for non-executive directors to maintain an adequate level of knowledge across all areas. While it is incumbent upon directors to proactively seek to expand their knowledge, there are time limits on what is achievable given the part-time nature of the role.

Getting younger people onto the board might offer one solution, but this might be easier said than done. It might also be suitable for some organisations to have an IT specialist sit on the board, but this would not be appropriate for all.

Moreover, having one director with responsibility for technology might allow others to obviate their responsibility, which is clearly not an option.

As one respondent quite rightly said “Technology is both an opportunity and a threat, Boards need to understand how it impacts the business both operationally and strategically”. This is a responsibility that all Directors must share.

Please contact Cyber Security Intelligence if you would like a Report prepared on your Business Tech Capabilities.

Financial Director:               Image: Nick Youngson

You Might Also Read: 

Business Cyber Security Strategy £:

 

 

« Hidden Truth About Cyber-Crime: Insider Threats
DARPA To Test Infrastructure Resilience »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

Cyber Security Supplier Directory

Cyber Security Supplier Directory

Our Supplier Directory lists 6,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

CSO

CSO

CSO serves enterprise security decision-makers and users with the critical information they need to stay ahead of evolving threats and defend against criminal cyberattacks.

Kaseya

Kaseya

Kaseya is a premier provider of unified IT management and security software for managed service providers (MSPs) and small to medium-sized businesses (SMBS).

Axiomatics

Axiomatics

Axiomatics provides dynamic authorization and access control solutions to protect critical data assets.

NTNU Center for Cyber & Information Security (NTNU CCIS)

NTNU Center for Cyber & Information Security (NTNU CCIS)

NTNU CCIS is a national centre for research, education, testing, training and competence development within the area of cyber and information security.

Tenfold Software

Tenfold Software

Tenfold is the unique, centralized platform for managing user and permissions efficiently and automatically.

TechCERT

TechCERT

TechCERT is Sri Lanka’s first and largest Computer Emergency Readiness Team (CERT).

IXDen

IXDen

IXDen provides a novel software-based approach to OT systems protection, covering Industrial IoT cybersecurity and sensor data integrity.

OurCrowd

OurCrowd

OurCrowd is a leading equity crowdfunding platform for investing in global startups.

Paradyn

Paradyn

Paradyn-managed security services can provide a holistic view of your business environment, no matter how simple or complex it is.

CACI International

CACI International

CACI is at the forefront of developing and delivering technological breakthroughs that transform and optimize government operations.

xorlab

xorlab

xorlab is a Swiss cybersecurity company providing specialized, machine-intelligent defense against highly engineered, sophisticated and targeted email attacks.

Defentry

Defentry

Defentry have created an Ecosystem that lets our users easily monitor, train and resolve their digital security issues.

Oivan

Oivan

Oivan harnesses the strengths of the web, mobile, cloud, cybersecurity, and blockchain technologies to help our clients to launch transformative digital services.

The Security Bulldog

The Security Bulldog

The Security Bulldog distills and assimilates open source cyber intelligence to enable security teams to understand threats more quickly, make better decisions, and accelerate detection and response.

Eleos Labs

Eleos Labs

Eleos Labs' suite of security tools prevent Web3 cyber attacks, reduce economic risks, and protect digital assets.

Xeol

Xeol

Software free of vulnerabilities, built and distributed by trusted entities. Our mission is to help customers secure their software from code to deploy.