Lack Of Tech Expertise At Board Level Puts Strategy At Risk

Uploaded on 2019-02-25 in NEWS-Cybersecurity News, FREE TO VIEW, TECHNOLOGY--Resilience

Boards lack the technological expertise to fully understand the challenges and opportunities that data and technology present to their organisations according to a recent poll by ICSA: The Governance Institute and recruitment specialist The Core Partnership.

The poll of governance professionals, which was first published in December 2018, found that just 51% of boards understand the challenges and opportunities that data and technology present to their organisations.

Some 29% of the company secretaries who took part in the poll think that their boards do not fully understand and a further 20% could only attest to ‘maybe’.

This lack of knowledge is a concern as it creates a barrier that prevents boards from engaging properly with technology at a strategic level, with some 58% of respondents considering lack of knowledge to be the main obstacle.

While 22% of respondents allude to another reason, 16% cite language as an impediment and 4% blame the onboarding process, 58% is a worryingly high number given the fact that the digital age has been upon us for a considerable time now.

Technology and data are big news and all types of organisations are increasingly required to keep up with the latest developments so it seems logical that boards should consider both technology and data when looking at strategy.

The results of the poll seem to point to greater understanding of data than technology with one respondent stating that ‘Challenges arising from data management are more readily understood (e.g. the impact of poor data quality), but the real opportunities available to the organisation through the effective use of data are less well considered – especially through the lens of commercial strategy.’

When asked if there were particular areas in which boards needed to improve their knowledge, AI and automation was chosen as the main area of concern, with 25% of respondents selecting this option.

This was chosen above all of the other options: using data effectively (creating value), 16%, GDPR (3%), cyber security (15%) and IT governance (9%), although 22% of respondents stated that boards need to improve their understanding in all of the areas mentioned.

Pace of Change

With new technology emerging quicker now than at any other time during the last 40 years, the speed at which technology is evolving is giving boards cause for concern.

Even if boards do receive presentations about technology, the opportunities move rapidly and it is hard to ensure that a board which meets just a few times a year has its finger fully on the pulse in terms of opportunities that might exist.

As one respondent says ‘The speed at which technological advances are at pace means key aspects of the technology journey may not be provided in a timely manner.’ Another respondent affirms that ‘Technology updates are provided but given the quarterly cycle of meetings there’s no guarantee that up-to-date information is cascaded to the board’.

It can also be hard to find time in busy agendas to focus on the technology aspects. While there has been a focus on GDPR and cyber security in recent years, the focus has been on risks rather than opportunities.

Having a good understanding of GDPR requirements and the risk of cyber-attack is a good thing, but boards also need to consider more strategic elements, such as AI/automation and digitisation.

Having vision is about conceptualising possibilities and strategy should focus as much on opportunities as risks. Boards can ill afford to ignore the former as opportunities are what will drive an organisation forward.

The lack of focus on strategic opportunities could be down to the fact that most boards are made up of people who are of a generation that do not really understand the possibilities and threats offered by technology.

While the pace of change can be challenging for all boards, it is particularly so for those predominantly made up of people who are not digital natives.

On top of this, changes in corporate governance, data privacy requirements and regulation mean that it can be difficult for non-executive directors to maintain an adequate level of knowledge across all areas. While it is incumbent upon directors to proactively seek to expand their knowledge, there are time limits on what is achievable given the part-time nature of the role.

Getting younger people onto the board might offer one solution, but this might be easier said than done. It might also be suitable for some organisations to have an IT specialist sit on the board, but this would not be appropriate for all.

Moreover, having one director with responsibility for technology might allow others to obviate their responsibility, which is clearly not an option.

As one respondent quite rightly said “Technology is both an opportunity and a threat, Boards need to understand how it impacts the business both operationally and strategically”. This is a responsibility that all Directors must share.

Please contact Cyber Security Intelligence if you would like a Report prepared on your Business Tech Capabilities.

Financial Director:               Image: Nick Youngson

You Might Also Read: 

Business Cyber Security Strategy £:

 

 

« Hidden Truth About Cyber-Crime: Insider Threats
DARPA To Test Infrastructure Resilience »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

Cifas

Cifas

Cifas are leaders in fraud prevention, working closely with UK law enforcement partners.

Aujas Cybersecurity

Aujas Cybersecurity

Aujas has deep expertise and capabilities in Identity and Access Management, Risk Advisory, Security Verification, Security Engineering, & Managed Detection and Response services.

Ravelin Technology

Ravelin Technology

Ravelin prevents chargebacks, fraud, and account takeover. Machine learning and human insight combine for highly accurate fraud detection and prevention.

Intuity

Intuity

The Intuity suite of services provides companies with a complete awareness of their security status and helps them in an efficient, efficient and sustainable improvement process.

National Cybersecurity Student Association (NCSA)

National Cybersecurity Student Association (NCSA)

The National Cybersecurity Student Association is a one-stop-shop to enhance the educational and professional development of cybersecurity students through activities, networking and collaboration.

First Point Group (FPG)

First Point Group (FPG)

First Point Group provide a global technological recruitment service worldwide. Within that we have a specialist team of Cyber Security recruiters.

IAR Systems

IAR Systems

IAR Systems are a frontrunner in a changing industry, and a future-proof software supplier enabling the IoT.

IoT Security Institute (IoTSI)

IoT Security Institute (IoTSI)

IoT Security Institute is an academic and industry body dedicated to providing frameworks and supporting educational services to assist in managing security within an Internet of Things eco-system.

Secuvant

Secuvant

Secuvant is an independent IT Security firm providing enterprise-grade IT security services to mid-market organizations.

LogMeIn

LogMeIn

LogMeIn makes it possible for millions of people and businesses around the globe to do their best work simply and securely—on any device, from any location and at any time.

Liberman Networks

Liberman Networks

Liberman Networks is an IT solutions provider company that provides security, management, monitoring, BDR and cloud solutions.

MS Tech Solutions

MS Tech Solutions

MS Tech Solutions is a Jamaican-based, multinational consulting company that specializes in the architecture, implementation and management of key network and Information technologies.

Piiano

Piiano

Piiano offers developer-friendly privacy and security products. Reduce risk and protect your data by using our specialized security and privacy SaaS tools.

Multidisciplinary Institute for Cybersecurity and Cyber Resilience (IMC2)

Multidisciplinary Institute for Cybersecurity and Cyber Resilience (IMC2)

IMC2 brings together resources to carry out ambitious, innovative and multidisciplinary projects in the field of cybersecurity and cyber resilience.

Jitterbit

Jitterbit

Jitterbit integrates critical business processes and enables application development to deliver the experiences and insights needed by enterprises of all sizes to accelerate their digital journey.

AUCyber

AUCyber

AUCyber is a leading provider of managed cyber security solutions and consultancy services, specialising in supporting Australian organisations and Government agencies.