Lack Of Tech Expertise At Board Level Puts Strategy At Risk

Boards lack the technological expertise to fully understand the challenges and opportunities that data and technology present to their organisations according to a recent poll by ICSA: The Governance Institute and recruitment specialist The Core Partnership.

The poll of governance professionals, which was first published in December 2018, found that just 51% of boards understand the challenges and opportunities that data and technology present to their organisations.

Some 29% of the company secretaries who took part in the poll think that their boards do not fully understand and a further 20% could only attest to ‘maybe’.

This lack of knowledge is a concern as it creates a barrier that prevents boards from engaging properly with technology at a strategic level, with some 58% of respondents considering lack of knowledge to be the main obstacle.

While 22% of respondents allude to another reason, 16% cite language as an impediment and 4% blame the onboarding process, 58% is a worryingly high number given the fact that the digital age has been upon us for a considerable time now.

Technology and data are big news and all types of organisations are increasingly required to keep up with the latest developments so it seems logical that boards should consider both technology and data when looking at strategy.

The results of the poll seem to point to greater understanding of data than technology with one respondent stating that ‘Challenges arising from data management are more readily understood (e.g. the impact of poor data quality), but the real opportunities available to the organisation through the effective use of data are less well considered – especially through the lens of commercial strategy.’

When asked if there were particular areas in which boards needed to improve their knowledge, AI and automation was chosen as the main area of concern, with 25% of respondents selecting this option.

This was chosen above all of the other options: using data effectively (creating value), 16%, GDPR (3%), cyber security (15%) and IT governance (9%), although 22% of respondents stated that boards need to improve their understanding in all of the areas mentioned.

Pace of Change

With new technology emerging quicker now than at any other time during the last 40 years, the speed at which technology is evolving is giving boards cause for concern.

Even if boards do receive presentations about technology, the opportunities move rapidly and it is hard to ensure that a board which meets just a few times a year has its finger fully on the pulse in terms of opportunities that might exist.

As one respondent says ‘The speed at which technological advances are at pace means key aspects of the technology journey may not be provided in a timely manner.’ Another respondent affirms that ‘Technology updates are provided but given the quarterly cycle of meetings there’s no guarantee that up-to-date information is cascaded to the board’.

It can also be hard to find time in busy agendas to focus on the technology aspects. While there has been a focus on GDPR and cyber security in recent years, the focus has been on risks rather than opportunities.

Having a good understanding of GDPR requirements and the risk of cyber-attack is a good thing, but boards also need to consider more strategic elements, such as AI/automation and digitisation.

Having vision is about conceptualising possibilities and strategy should focus as much on opportunities as risks. Boards can ill afford to ignore the former as opportunities are what will drive an organisation forward.

The lack of focus on strategic opportunities could be down to the fact that most boards are made up of people who are of a generation that do not really understand the possibilities and threats offered by technology.

While the pace of change can be challenging for all boards, it is particularly so for those predominantly made up of people who are not digital natives.

On top of this, changes in corporate governance, data privacy requirements and regulation mean that it can be difficult for non-executive directors to maintain an adequate level of knowledge across all areas. While it is incumbent upon directors to proactively seek to expand their knowledge, there are time limits on what is achievable given the part-time nature of the role.

Getting younger people onto the board might offer one solution, but this might be easier said than done. It might also be suitable for some organisations to have an IT specialist sit on the board, but this would not be appropriate for all.

Moreover, having one director with responsibility for technology might allow others to obviate their responsibility, which is clearly not an option.

As one respondent quite rightly said “Technology is both an opportunity and a threat, Boards need to understand how it impacts the business both operationally and strategically”. This is a responsibility that all Directors must share.

Please contact Cyber Security Intelligence if you would like a Report prepared on your Business Tech Capabilities.

Financial Director:               Image: Nick Youngson

You Might Also Read: 

Business Cyber Security Strategy £:

 

 

« Hidden Truth About Cyber-Crime: Insider Threats
DARPA To Test Infrastructure Resilience »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

NCX Group

NCX Group

NCX Group is committed to helping customers identify and mitigate the risks inherent in today’s interconnected environments and business processes.

Intelligence-sec

Intelligence-sec

Intelligence-Sec is a fully integrated Conferences and Exhibitions Company managing and producing topical events for the security industry.

Lantronix

Lantronix

Lantronix is a global provider of secure data access and management solutions for Internet of Things (IoT) and information technology assets.

National Cyber Security Centre Finland (NCSC-FI)

National Cyber Security Centre Finland (NCSC-FI)

The NCSC-FI develops and monitors the operational reliability and security of communications networks and services in Finland.

Intezer Labs

Intezer Labs

The only solution replicating the concepts of the biological immune system into cyber-security. Intezer provides enterprises with unparalleled Threat Detection and accelerates Incident Response.

Ideagen

Ideagen

Ideagen provides information management, safety, risk and compliance software solutions that allow organisations to achieve operational excellence, regulatory compliance and reduce risk.

Brighter AI

Brighter AI

Brighter AI empowers companies to use publicly-recorded camera data for analytics & AI while being compliant with increasing data privacy regulations worldwide.

Drootoo

Drootoo

Drootoo is transforming businesses and making them high performing entities with its unified cloud platform.

Thridwayv

Thridwayv

Thirdwayv helps your enterprise realize the full potential of loT connectivity. All while neutralizing security threats that can run ruin the customer experience - and your reputation.

Conversant Group

Conversant Group

Conversant Group is an IT infrastructure and security consulting company, providing technical, organizational, procedural, and process consulting internationally.

N-able

N-able

N-Able deliver simple and sophisticated monitoring, security, and business solutions that empower you to solve your toughest IT challenges.

Information Technology Solutions (ITS)

Information Technology Solutions (ITS)

Information Technology Solutions is a single source provider for managing and securing mission-critical IT services.

Raiven Capital

Raiven Capital

Raiven Capital is a global early-stage technology venture capital fund. We focus on founder-led, driven companies on the leading edge of disruption.

Detego Global

Detego Global

Detego Global are the creators of the Detego® Unified Digital Forensics Platform, a suite of modular tools used globally by military, law enforcement and intelligence agencies, and enterprises.

PCI Security Standards Council (PCI SSC)

PCI Security Standards Council (PCI SSC)

The PCI Security Standards Council is a global forum that brings together payments industry stakeholders to develop and drive adoption of data security standards and resources for safe payments.

Assured Clarity

Assured Clarity

Assured Clarity are a global consultancy, specialising in Risk Management and Data Privacy, through Education, Awareness and Training, throughout an organisation.