Don't Be Afraid to Ask Questions About Tech

You don’t have to be a technology expert to know what technology questions to ask, or to understand the answers. Make sure your board members are willing to ask those questions and make sound decisions based upon the answers.

Familiarize Yourself With Technical Debt

All those technological updates your organization should have made over the last several years, but didn’t? That’s technical debt, and it could put your organization at risk of cyberattacks or operational meltdowns.

Boards Should Play an Active Role in Tech

Technology is simply too advanced and too vital to an organization’s well-being for boards to stay out of it. Make sure your board is an active participant in major tech decisions your organization makes, regardless of directors’ tech expertise levels. 

Atlas Webinar Series: Modernizing Your Board’s Approach to Data and Technology

Webinar Recap: Wayne Sadin, veteran CTO leader, analyst for Acceleration Economy, and NACD-certified director, explores how boards and their leaders can identify threats, highlight opportunities, and plan for change in data and technology.

Design Lines

These days, technology is evolving at a breakneck pace. While technology and digital change present big challenges to organizations, they also introduce big challenges to organizations of all sizes and industries.

In the past, many boards opted to take a hands-off approach to technology. But today, that’s no longer an option. Instead, boards must take an active role in identifying threats and opportunities – and making plans for change in data and technology. 

At our recent ATLAS Leadership series webinar, Wayne Sadin, veteran CTO leader, analyst for Acceleration Economy, and NACD-certified director, led an engaging discussion centered on the steps boards must take to identify threats, highlight opportunities, and plan for change. 

The session spanned topics including:

  • Strategies for acquiring board-level technology and data expertise
  • Data and technology risks to consider this year and beyond
  • Best practices for updating your board’s technology and data outlook

Here, we’ll explore a few of the top takeaways from this webinar. 

You Don’t Have to be a Technical Expert to Address Cybersecurity Risk

When we hear the term “risk,” our minds often go to cybersecurity risk. That’s not surprising, as the consequences of such a risk are quite large. According to a report from IBM, the average cost of a data breach in the United States in 2022 was $9.44 million. 

Modern boards must take an active role in preventing and mitigating cybersecurity risk. Some may argue they don’t have the knowledge or expertise to do so. However, Sadin said “you don’t have to be a technical expert to be able to ask intelligent, insightful questions about cybersecurity, or to understand the answers.” 

Sadin recommends boards follow 6 basic cybersecurity principles to protect their organizations. 

  1. Robust prevention

Make sure your organization has a solid strategy to “keep evildoers out of the doors.”

  1. Quick detection

According to Sadin, “there are two types of organizations: those that have been hacked and those that don’t know they’ve been hacked.” The longer it takes to identify and contain a breach, the larger the consequences. Yet, on average, it takes about nine months to do so, according to IBM. Organizations must be able to quickly identify breaches so they don’t give hackers the opportunity to “settle in” and do more damage. 

  1. Defense Depth

Once a bad actor breaches an outer wall, they often have unrestricted access. As an example, consider the infamous Target breach from 2013. Thirty million credit and debit records and 70 million customer records were stolen. The source of the breakthrough was through a subcontractor work order portal. The lesson? Organizations must set up their networks in a way that locks interior doors.

  1. Keep Your Secrets Secret

It’s imperative to encrypt every piece of data in your organization. As Sadin explained, “if [cyber criminals] steal it and they can’t use it, it’s not useful.” 

  1. Effective Repair and Restoration 

No organization is immune to cyberattacks. Per IBM, for 83% of companies, it’s not if a data breach will happen, but when.” 

Once you suspect a breach, take action ASAP. Make sure to have a plan in place in advance, and tap into pre-vetted outside experts as needed. 

  1. Don’t Keep All Your Eggs in One Basket 

Mark sure your data is backed up somewhere else and taken away. That way, you can restore your data while you’re taking other recovery steps. What’s more, if the backups are housed elsewhere, it makes it harder for cyber criminals to access it. 

Cybersecurity Isn’t the Only Kind of Tech Risk

For many boards, cybersecurity is top of mind. That makes sense. As Sadin puts it, “cybersecurity is the risk that makes it in front of the SEC.” 

But there are many other types of technology risks. It’s imperative for boards to examine and address risk from a broader perspective.

“There are many other risks of technology,” said Sadin. “It’s not just cyber. If that’s all you’re focused on, you’re leaving yourself vulnerable. 

Technical Debt Must be Addressed

Technical debt is one such example of those “other” types of technology risk. Sadin defines technical debt as “the sum total of all the upgrades, enhancements, and repairs you should have made in your IT infrastructure from day one – but didn’t.” 

Running outdated software is problematic. According to Sadin, “You’re increasing your attack surface. You don’t want to be behind in that arms race.” 

Old infrastructure introduces big risks. You may find that new software doesn’t connect to what you already have in place. Once you start making updates, you actually end up breaking more than you fix. 

As an example, consider the recent Southwest Airlines meltdown, when the airline had to cancel a huge amount of flights. As it turns out, the company’s problems were largely due to old, outdated software. 

Sadin said, “If your CEO says you’re nine releases back, don’t be assured. That means they’re taking on an enormous amount of change and risk and they’re rushing through it.” 

Technical debt introduces significant risk. As such, board directors must make it a priority to understand the company’s technical debt. 

“Technical debt affects companies of all sizes,” said Sadin. “If you’re not asking, ‘What is our technical debt situation and what are we doing to get out of it?’ you’re doing your organization a disservice.” 

According to Sadin, reduced technical debt is one of the big benefits of moving to cloud computing. “You’ve still got to manage the security and environment,” he said. “But cloud providers continue to update their infrastructure. Servers are no longer 20 years old; they might be 20 minutes old. Cloud-based software eliminates technical debt because vendors are responsible for updates.” 

Technology Opportunities Abound – and Boards Must Play an Active Role

While technology presents challenges and risk, it also presents big opportunities to organizations that know how to capitalize on it. Boards must take an active role. 

Sadin’s recommendation is to approach new technology by looking at two different buckets.

    1. Digital transformation: Rethinking your culture, your market, your boards, your employee and customer experiences by the promise and threat of technology. This doesn’t start with technology, but rather, with culture. According to Sadin, this is the “big hairy audacious goal.”
    2. Digital optimization: Doing what you do already but doing it better, faster, and cheaper with new processes and technology. Sadin said, “It’s not inappropriate for a board to be asking about process instead of shiny technology. Technology is second to process.” 

Some boards may think they’re not equipped to address technology because of a lack of expertise in the area. But Sadin once again reminded attendees that they don’t have to be tech experts to ask smart questions and understand the answers. 

“Boards don’t need to be populated with CIOs and engineers,” Sadin explained. “But technology is critical to every business we’re in. Is your duty of care satisfied when nobody knows anything about tech? You want that perspective. As a board member, you have to keep up with ESG, DEI…so why not technology?”

Ready to learn more about how your board can make effective, future-focused decisions that positively impact the organization you serve? Register today for our next Atlas Leadership Webinar, Choosing the Board’s Duty of Foresight, featuring Jeff De Cagna FRSA FASAE, executive advisor at Foresight First LLC. 

Working at this table
Unlock Superior Board Governance

Streamline your board meetings and unlock valuable insights with OnBoard’s powerful platform. Experience the difference of secure, efficient, and intuitive board management software designed for success.