Board Technology Committees: SolarWinds & Infodemic Reignite the Conversation
Last summer, Liz blogged about one take on what a “stakeholder” board could look like. She noted how some view re-examining the board’s structure as an opportunity to more closely align the board with strategy & culture. As much as stakeholder interests are in the spotlight, so is the concept of business transformation – which, among other things, often relates to advancements in digital and AI technologies.
Not only that, but stakeholders will be holding companies accountable for failures to safeguard data and systems. The SolarWinds hack from late last year shows that vulnerabilities are constantly being found and exploited – and we’re facing a pretty dystopian future if those weaknesses aren’t addressed.
We’ve blogged several times over the years about the appeal of board technology committees and the need for a digitally savvy board. But recent events are reigniting that conversation. Just today, Liz blogged on the Proxy Season Blog that ISS ESG will now be rating boards on information security risk management & oversight as part of QualityScore. A couple of recent articles offer views on board oversight related to data integrity and digital and AI technologies – and serve as a reminder that the need for board technology expertise isn’t likely to diminish:
In a HBR article, Brad Keywell, founder and CEO of Uptake Technologies, makes an argument for creation of a board-level “data integrity committee.” Keywell asserts that data integrity is foundational and that operational data is a company’s most undervalued and risk-embedded asset. Observing that data integrity lacks a specific guardian in most corporate governance structures, Keywell says companies that want to stay ahead of the curve should have a board committee take the lead.
In another article, Karen Silverman, CEO and founder of The Cantellus Group, says boards need a plan for AI oversight in context of the company’s mission and risk management. Silverman suggests boards be proactive to ensure they have a plan for AI oversight so they can leverage the benefits of AI while also considering the legal, regulatory, brand/reputational and business continuity risks it presents.
With directors already stretched thin, boards may be reluctant to form yet another committee. But leading IT research and advisory firm, Gartner, predicts 40% of boards will have a dedicated cybersecurity committee by 2025. Some companies have already moved in this direction – there’s a recent Accenture blog citing several examples of companies with a dedicated board level technology or cybersecurity committee. The blog opines that a dedicated committee is useful because it allows the board to focus on digital or cybersecurity risk – as well as the upsides & downsides of advanced technologies. This sends a strong signal to not only stakeholders, but also hackers.
For boards thinking about structure and expertise needs, check out our “Board Composition” and “Board Succession” Practice Areas and for memos about cybersecurity and the board’s oversight role, see our “Cybersecurity” Practice Area.
-Lynn Jokela, TheCorporateCounsel.net February 10, 2021
Want to keep reading?
Great. Enter your email address and gain instant access to this article