Lack Of Tech Expertise At Board Level Puts Strategy At Risk

Uploaded on 2019-02-25 in NEWS-Cybersecurity News, FREE TO VIEW, TECHNOLOGY--Resilience

Boards lack the technological expertise to fully understand the challenges and opportunities that data and technology present to their organisations according to a recent poll by ICSA: The Governance Institute and recruitment specialist The Core Partnership.

The poll of governance professionals, which was first published in December 2018, found that just 51% of boards understand the challenges and opportunities that data and technology present to their organisations.

Some 29% of the company secretaries who took part in the poll think that their boards do not fully understand and a further 20% could only attest to ‘maybe’.

This lack of knowledge is a concern as it creates a barrier that prevents boards from engaging properly with technology at a strategic level, with some 58% of respondents considering lack of knowledge to be the main obstacle.

While 22% of respondents allude to another reason, 16% cite language as an impediment and 4% blame the onboarding process, 58% is a worryingly high number given the fact that the digital age has been upon us for a considerable time now.

Technology and data are big news and all types of organisations are increasingly required to keep up with the latest developments so it seems logical that boards should consider both technology and data when looking at strategy.

The results of the poll seem to point to greater understanding of data than technology with one respondent stating that ‘Challenges arising from data management are more readily understood (e.g. the impact of poor data quality), but the real opportunities available to the organisation through the effective use of data are less well considered – especially through the lens of commercial strategy.’

When asked if there were particular areas in which boards needed to improve their knowledge, AI and automation was chosen as the main area of concern, with 25% of respondents selecting this option.

This was chosen above all of the other options: using data effectively (creating value), 16%, GDPR (3%), cyber security (15%) and IT governance (9%), although 22% of respondents stated that boards need to improve their understanding in all of the areas mentioned.

Pace of Change

With new technology emerging quicker now than at any other time during the last 40 years, the speed at which technology is evolving is giving boards cause for concern.

Even if boards do receive presentations about technology, the opportunities move rapidly and it is hard to ensure that a board which meets just a few times a year has its finger fully on the pulse in terms of opportunities that might exist.

As one respondent says ‘The speed at which technological advances are at pace means key aspects of the technology journey may not be provided in a timely manner.’ Another respondent affirms that ‘Technology updates are provided but given the quarterly cycle of meetings there’s no guarantee that up-to-date information is cascaded to the board’.

It can also be hard to find time in busy agendas to focus on the technology aspects. While there has been a focus on GDPR and cyber security in recent years, the focus has been on risks rather than opportunities.

Having a good understanding of GDPR requirements and the risk of cyber-attack is a good thing, but boards also need to consider more strategic elements, such as AI/automation and digitisation.

Having vision is about conceptualising possibilities and strategy should focus as much on opportunities as risks. Boards can ill afford to ignore the former as opportunities are what will drive an organisation forward.

The lack of focus on strategic opportunities could be down to the fact that most boards are made up of people who are of a generation that do not really understand the possibilities and threats offered by technology.

While the pace of change can be challenging for all boards, it is particularly so for those predominantly made up of people who are not digital natives.

On top of this, changes in corporate governance, data privacy requirements and regulation mean that it can be difficult for non-executive directors to maintain an adequate level of knowledge across all areas. While it is incumbent upon directors to proactively seek to expand their knowledge, there are time limits on what is achievable given the part-time nature of the role.

Getting younger people onto the board might offer one solution, but this might be easier said than done. It might also be suitable for some organisations to have an IT specialist sit on the board, but this would not be appropriate for all.

Moreover, having one director with responsibility for technology might allow others to obviate their responsibility, which is clearly not an option.

As one respondent quite rightly said “Technology is both an opportunity and a threat, Boards need to understand how it impacts the business both operationally and strategically”. This is a responsibility that all Directors must share.

Please contact Cyber Security Intelligence if you would like a Report prepared on your Business Tech Capabilities.

Financial Director:               Image: Nick Youngson

You Might Also Read: 

Business Cyber Security Strategy £:

 

 

« Hidden Truth About Cyber-Crime: Insider Threats
DARPA To Test Infrastructure Resilience »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

Watch this webinar to hear security experts from Amazon Web Services (AWS) and SANS break down the myths and realities of what an NGFW is, how to use one, and what it can do for your security posture.

Perimeter 81 / How to Select the Right ZTNA Solution

Perimeter 81 / How to Select the Right ZTNA Solution

Gartner insights into How to Select the Right ZTNA offering. Download this FREE report for a limited time only.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

Continuity Shop

Continuity Shop

Continuity Shop provides training and consultancy in Business Continuity and Information Security to some of the world's biggest organisations.

Spiceworks

Spiceworks

Spiceworks provide a range of free apps for IT professionals including network inventory, network monitor, and help desk.

LogicManager

LogicManager

LogicManager offer a complete set of IT governance, risk and compliance software solutions and advisory services.

Zighra

Zighra

Zighra is a leading provider of On-Device AI solutions for continuous authentication and fraud detection on mobile and web applications.

Shift5

Shift5

Shift5 focus on securing operational technology (OT) by building best-in-class, dual-use products serving military and commercial entities.

Carve Systems

Carve Systems

Carve Systems was founded to bring enterprise level information security, training, and risk management services to organizations of any size and industry.

Critical Start

Critical Start

Critical Start provides Managed Detection and Response services, endpoint security, threat intelligence, penetration testing, risk assessments, and incident response.

Satori Cyber

Satori Cyber

The Satori Cyber Secure Data Access Cloud is the first solution on the market to offer continuous visibility and granular control for data flows across all cloud and hybrid data stores.

KDM Analytics

KDM Analytics

KDM Analytics software products automate the NIST risk management framework (RMF) assessment for operational technology (OT) systems.

Privacyware

Privacyware

Privacyware's ThreatSentry combines a state-of-the-art Web Application Firewall and port-level firewall with advanced behavioral filtering to block unwanted IIS traffic and web application threats.

QuoIntelligence

QuoIntelligence

QuoIntelligence experts can help your team understand the evolving cyber threats and provide simple yet comprehensive recommendations so you can focus on what matters.

Berezha Security Group (BSG)

Berezha Security Group (BSG)

BSG is a cybersecurity consulting firm specializing in all aspects of application security and penetration testing.

CRI Group

CRI Group

CRI Group excels at deterring, detecting and investigating crimes against businesses using a global network of professionals specially trained in Anti-Corruption, Risk Management and Compliance.

CyberLab

CyberLab

CyberLab (formerly Chess) is a specialist cyber security company that provides a wide range of security solutions and services.

HWG

HWG

HWG is a company specialized in providing cyber security solutions and consulting services.

Amplix

Amplix

In the race to create value for your enterprise, Amplix is your best asset for making technology decisions and optimizing your IT infrastructure, cloud usage, and security posture.