Lack Of Tech Expertise At Board Level Puts Strategy At Risk

Uploaded on 2019-02-25 in NEWS-Cybersecurity News, FREE TO VIEW, TECHNOLOGY--Resilience

Boards lack the technological expertise to fully understand the challenges and opportunities that data and technology present to their organisations according to a recent poll by ICSA: The Governance Institute and recruitment specialist The Core Partnership.

The poll of governance professionals, which was first published in December 2018, found that just 51% of boards understand the challenges and opportunities that data and technology present to their organisations.

Some 29% of the company secretaries who took part in the poll think that their boards do not fully understand and a further 20% could only attest to ‘maybe’.

This lack of knowledge is a concern as it creates a barrier that prevents boards from engaging properly with technology at a strategic level, with some 58% of respondents considering lack of knowledge to be the main obstacle.

While 22% of respondents allude to another reason, 16% cite language as an impediment and 4% blame the onboarding process, 58% is a worryingly high number given the fact that the digital age has been upon us for a considerable time now.

Technology and data are big news and all types of organisations are increasingly required to keep up with the latest developments so it seems logical that boards should consider both technology and data when looking at strategy.

The results of the poll seem to point to greater understanding of data than technology with one respondent stating that ‘Challenges arising from data management are more readily understood (e.g. the impact of poor data quality), but the real opportunities available to the organisation through the effective use of data are less well considered – especially through the lens of commercial strategy.’

When asked if there were particular areas in which boards needed to improve their knowledge, AI and automation was chosen as the main area of concern, with 25% of respondents selecting this option.

This was chosen above all of the other options: using data effectively (creating value), 16%, GDPR (3%), cyber security (15%) and IT governance (9%), although 22% of respondents stated that boards need to improve their understanding in all of the areas mentioned.

Pace of Change

With new technology emerging quicker now than at any other time during the last 40 years, the speed at which technology is evolving is giving boards cause for concern.

Even if boards do receive presentations about technology, the opportunities move rapidly and it is hard to ensure that a board which meets just a few times a year has its finger fully on the pulse in terms of opportunities that might exist.

As one respondent says ‘The speed at which technological advances are at pace means key aspects of the technology journey may not be provided in a timely manner.’ Another respondent affirms that ‘Technology updates are provided but given the quarterly cycle of meetings there’s no guarantee that up-to-date information is cascaded to the board’.

It can also be hard to find time in busy agendas to focus on the technology aspects. While there has been a focus on GDPR and cyber security in recent years, the focus has been on risks rather than opportunities.

Having a good understanding of GDPR requirements and the risk of cyber-attack is a good thing, but boards also need to consider more strategic elements, such as AI/automation and digitisation.

Having vision is about conceptualising possibilities and strategy should focus as much on opportunities as risks. Boards can ill afford to ignore the former as opportunities are what will drive an organisation forward.

The lack of focus on strategic opportunities could be down to the fact that most boards are made up of people who are of a generation that do not really understand the possibilities and threats offered by technology.

While the pace of change can be challenging for all boards, it is particularly so for those predominantly made up of people who are not digital natives.

On top of this, changes in corporate governance, data privacy requirements and regulation mean that it can be difficult for non-executive directors to maintain an adequate level of knowledge across all areas. While it is incumbent upon directors to proactively seek to expand their knowledge, there are time limits on what is achievable given the part-time nature of the role.

Getting younger people onto the board might offer one solution, but this might be easier said than done. It might also be suitable for some organisations to have an IT specialist sit on the board, but this would not be appropriate for all.

Moreover, having one director with responsibility for technology might allow others to obviate their responsibility, which is clearly not an option.

As one respondent quite rightly said “Technology is both an opportunity and a threat, Boards need to understand how it impacts the business both operationally and strategically”. This is a responsibility that all Directors must share.

Please contact Cyber Security Intelligence if you would like a Report prepared on your Business Tech Capabilities.

Financial Director:               Image: Nick Youngson

You Might Also Read: 

Business Cyber Security Strategy £:

 

 

« Hidden Truth About Cyber-Crime: Insider Threats
DARPA To Test Infrastructure Resilience »

ManageEngine
CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

Axial

Axial

Axial Systems is one of the UK’s leading solution providers and systems integrators in network, security and services.

Norwegian Information Security laboratory (NISlab)

Norwegian Information Security laboratory (NISlab)

NISlab conducts international competitive research in information and cyber security and operates study programs in this area.

Axis Capital

Axis Capital

AXIS Insurance’s Professional Lines Division is a leading underwriter of technology/cyber coverage and other specialty products around the globe.

herdProtect

herdProtect

herdProtect is a second line of defense malware scanning platform powered by 68 anti-malware engines in the cloud.

Asseco Group

Asseco Group

Asseco Poland stands at the forefront of the multinational Asseco Group. We are a leading provider of state-of-the-art IT solutions in Central and Eastern Europe.

Georgia Cyber Center

Georgia Cyber Center

Georgia Cyber Center is dedicated to training the next generation of professionals through education and real-world practice while also supporting innovation in new technologies for online defenses.

Cask Government Services

Cask Government Services

Cask Government Services focuses on program management, cybersecurity, logistics, business analysis and engineering services for Federal, State and Local Government.

4Stop

4Stop

4Stop is a global KYC, compliance and anti-fraud risk management company.

TechRate

TechRate

Techrate is an analytics agency focused on blockchain technology and engineering. Or expertise includes security and technical audits of projects.

AngelList

AngelList

AngelList champion startups and the people who empower them. Search tech & startup jobs, find new tech products, and invest in startups.

Nettoken

Nettoken

Nettoken is the first identity management platform designed for everyday internet users, to encourage awareness and control of our ever expanding digital footprint and personal cybersecurity.

CRI Group

CRI Group

CRI Group excels at deterring, detecting and investigating crimes against businesses using a global network of professionals specially trained in Anti-Corruption, Risk Management and Compliance.

Factmata

Factmata

Factmata is an social and news media monitoring and analytics product that uses AI to identify and track narratives online, highlighting those most likely to cause brand harm or misinform the public.

Exium

Exium

At Exium we’ve integrated networking and security in a cloud-delivered Zero Trust platform powered by 5G and open source.

Soteria Cybersecurity

Soteria Cybersecurity

Soteria is your trusted Cybersecurity Partner in IT and OT.

Parrot Security (ParrotSec)

Parrot Security (ParrotSec)

Parrot Security provides a huge arsenal of tools, utilities and libraries that IT and security professionals can use to test and assess the security of their assets.