How Do You Make Digital Oversight Work in the Boardroom?
If there's one thing corporate boards have heard a lot about over the last few years, it's been cybersecurity. In my engagements as a director and work on governance issues, a day doesn't go by without another briefing that tries to tell board members something new about digital and cyber dangers.
January 07, 2019 at 11:50 AM
5 minute read
If there's one thing corporate boards have heard a lot about over the last few years, it's been cybersecurity. In my engagements as a director and work on governance issues, a day doesn't go by without another briefing that tries to tell board members something new about digital and cyber dangers.
We've already been told the hacking horror stories, statistics and anecdotes and those are important to understand in order to manage risk. There is one even more crucial aspect of board responsibility for digital that does demand more support and guidance from boards. That is, what role should the board take in digital oversight and what contributions should be expected from the board?
It is not the Board's role to directly create a company's digital/cyber policy, but rather to ask the right questions and set the tone from the top.
Questions to ask:
- How does our strategy take into account the next digital revolution of IoT, AI, Cloud Computing and Big Data?
- Are we leveraging our data assets to build our business?
- What kind of data do we hold? And where is it housed?
- Who has access and what is the authentication process?
- Have we segregated and treated with higher security our key intellectual property?
- What are the firewall/encryption/protocol systems in place and are these actively monitored?
- How do we review past attacks and responses? Do we have a cyber breach response plan in place? Has it been tested?
- Who is directly responsible? The chief information security officer (CISO) and what is their reporting line?
The ability to ask the right questions requires digital expertise on the board. As not everyone on the board will be digitally savvy, it's important to touch on this subject at each meeting in order to build that knowledge. Each board should have at least one digital director, if not two. Good digital oversight can also mean that the board reaches outside for information and validation. The board needs to budget time for outside advisers on digital trends and guidance on looking around the corner at how digital will impact their business models and channels.
Digital expertise is one of the boardroom's newest demand areas, but one with vague qualifications. While chief financial officers are go-to talent for filling a board's need for finance expertise, Chief technology officers or CISOs are still uncommon in the boardroom for adding tech skill. Despite the “C” in their titles, these execs still aren't at the corporate level of a CFO. They are perceived by some search firms and board members to lack the seniority or seasoning in broader governance oversight to be effective in a board setting, and their tech skills, while solid, may be seen as narrow or limited. A CTO on your board could well be an expert on cybersecurity, data privacy laws or trending mobile retail opportunities, but prove weak on other urgent governance issues.
How digital oversight is filled and led at the board level is also crucial (and often overlooked). Modern corporate boards, especially at public companies, face a huge, demanding workload. A common tactic is to assign digital governance to the audit committee. But audit has increasingly become the board's dumping ground for risky, technical matters. Unless you upgrade the committee's skills and capabilities in tech, your digital governance could grow worse instead of better. Another alternative is to consider chartering a new board committee for tech and innovation. Whichever route you take, assure you have a committee chair who has savvy in the specific tech issues facing your company, and who is able to lead well, and can work a well-planned agenda.
Finally, remember that your board can't properly oversee digital matters in isolation. First, it needs a solid relationship between your company's tech staff (CTO, CISO, etc.) and the board, particularly the committee chair in charge. Staff ability to effectively explain technical matters to board members requires tact and emotional intelligence. Skill in building and maintaining these relationships should be reviewed as part of tech staff's professional organizational development and be part of their evaluation and pay setting.
This staff/board interface includes the reporting in the board deck that the board sees on technology matters. Start with careful discussion on the indices the board needs to see, what matters they cover and how they are reported. Each slide should have a brief bulleted conclusion at the bottom. Dashboard reporting is useful here, but first devote careful thought to what is to be reported. Be sure you have a summary that explains the insights and the recommended actions.
The need for a tech/innovation perspective can be folded into the annual governance committee review on potential board refreshment needs. Your board's evaluation and turnover policies may assure board continuity … but are they bringing in the fresh skills in tech and other fields the company will need tomorrow? And are you “siloing” board tech oversight, but missing its application to other areas, like shaping future corporate strategy?
On the board, strong board leadership, continued education on the impact of digital on the business, a clear assignment of digital oversight responsibility within the board's structure; good relations with tech staff; and well-defined, insightful board reporting on digital info will keep your board informed and ahead of the trends.
This seems like a big digital shopping list for the board, but once your boardroom course is set, it becomes surprisingly simple. If every business today is a digital business, that means every role your board plays must now become part of its digital governance.
Betsy Atkins, a founder of Bajacorp, is a three-time CEO currently serving on the boards of Wynn Resorts, SL Green, Schneider Electric and Volvo Cars.
This content has been archived. It is available through our partners, LexisNexis® and Bloomberg Law.
To view this content, please continue to their sites.
Not a Lexis Subscriber?
Subscribe Now
Not a Bloomberg Law Subscriber?
Subscribe Now
NOT FOR REPRINT
© 2024 ALM Global, LLC, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to [email protected]. For more information visit Asset & Logo Licensing.
You Might Like
View AllA Blueprint for Targeted Enhancements to Corporate Compliance Programs
7 minute readThree Legal Technology Trends That Can Maximize Legal Team Efficiency and Productivity
Corporate Confidentiality Unlocked: Leveraging Common Interest Privilege for Effective Collaboration
11 minute readTrending Stories
- 1Decision of the Day: Judge Reduces $287M Jury Verdict Against Harley-Davidson in Wrongful Death Suit
- 2Kirkland to Covington: 2024's International Chart Toppers and Award Winners
- 3Decision of the Day: Judge Denies Summary Judgment Motions in Suit by Runner Injured in Brooklyn Bridge Park
- 4KISS, Profit Motive and Foreign Currency Contracts
- 512 Days of … Web Analytics
Who Got The Work
Michael G. Bongiorno, Andrew Scott Dulberg and Elizabeth E. Driscoll from Wilmer Cutler Pickering Hale and Dorr have stepped in to represent Symbotic Inc., an A.I.-enabled technology platform that focuses on increasing supply chain efficiency, and other defendants in a pending shareholder derivative lawsuit. The case, filed Oct. 2 in Massachusetts District Court by the Brown Law Firm on behalf of Stephen Austen, accuses certain officers and directors of misleading investors in regard to Symbotic's potential for margin growth by failing to disclose that the company was not equipped to timely deploy its systems or manage expenses through project delays. The case, assigned to U.S. District Judge Nathaniel M. Gorton, is 1:24-cv-12522, Austen v. Cohen et al.
Who Got The Work
Edmund Polubinski and Marie Killmond of Davis Polk & Wardwell have entered appearances for data platform software development company MongoDB and other defendants in a pending shareholder derivative lawsuit. The action, filed Oct. 7 in New York Southern District Court by the Brown Law Firm, accuses the company's directors and/or officers of falsely expressing confidence in the company’s restructuring of its sales incentive plan and downplaying the severity of decreases in its upfront commitments. The case is 1:24-cv-07594, Roy v. Ittycheria et al.
Who Got The Work
Amy O. Bruchs and Kurt F. Ellison of Michael Best & Friedrich have entered appearances for Epic Systems Corp. in a pending employment discrimination lawsuit. The suit was filed Sept. 7 in Wisconsin Western District Court by Levine Eisberner LLC and Siri & Glimstad on behalf of a project manager who claims that he was wrongfully terminated after applying for a religious exemption to the defendant's COVID-19 vaccine mandate. The case, assigned to U.S. Magistrate Judge Anita Marie Boor, is 3:24-cv-00630, Secker, Nathan v. Epic Systems Corporation.
Who Got The Work
David X. Sullivan, Thomas J. Finn and Gregory A. Hall from McCarter & English have entered appearances for Sunrun Installation Services in a pending civil rights lawsuit. The complaint was filed Sept. 4 in Connecticut District Court by attorney Robert M. Berke on behalf of former employee George Edward Steins, who was arrested and charged with employing an unregistered home improvement salesperson. The complaint alleges that had Sunrun informed the Connecticut Department of Consumer Protection that the plaintiff's employment had ended in 2017 and that he no longer held Sunrun's home improvement contractor license, he would not have been hit with charges, which were dismissed in May 2024. The case, assigned to U.S. District Judge Jeffrey A. Meyer, is 3:24-cv-01423, Steins v. Sunrun, Inc. et al.
Who Got The Work
Greenberg Traurig shareholder Joshua L. Raskin has entered an appearance for boohoo.com UK Ltd. in a pending patent infringement lawsuit. The suit, filed Sept. 3 in Texas Eastern District Court by Rozier Hardt McDonough on behalf of Alto Dynamics, asserts five patents related to an online shopping platform. The case, assigned to U.S. District Judge Rodney Gilstrap, is 2:24-cv-00719, Alto Dynamics, LLC v. boohoo.com UK Limited.
Featured Firms
Law Offices of Gary Martin Hays & Associates, P.C.
(470) 294-1674
Law Offices of Mark E. Salomone
(857) 444-6468
Smith & Hassler
(713) 739-1250