Boards and Tech - Areas of Focus

(Condensed from Boardroom INSIDER for February)

Technology issues are fast moving, complex, interconnected, and often industry specific.? So the first task facing the board is laying out the specific areas to be monitored, how they overlap, and how they apply to each company.?

§ First, assess the tech areas below for how they impact your specific company (by sector, by stage of growth, and future strategy); how the board will monitor and encourage the opportunities they present; risks (both internally for failures and breaches, and externally for liabilities and enforcement actions); how effective internal controls are; cross-overs (how will a new technology – or oversight failure – have an impact in other areas); budgeting ; management and board structures; public, regulatory and stakeholder messaging on technology; insurance and hedging protections. ??

§ ?As to the tech areas themselves, start with cybersecurity.? How well and how often does the board or committee interact with the company CISO (or whoever handles that function)?? What are our event materiality standards?? How is our cybersecurity risk assessment structured, conducted and disclosed?? How are incidents and security audits reported to the board?

§ Data protection. What is the maturity of our data protection controls?? How comprehensive and up to date is the inventory of our company data?? What laws and regulations apply to us (and how do we track coming changes)?? Where is company data housed, internally and externally?? Who monitors our third-party vendors??

§ Artificial intelligence. How are generative AI and related capabilities currently being used in the company, and what pending plans do we have (immediate… three to five years)?? What is the state of our staff expertise on AI technology? What is the state of our board expertise?? Who “owns” the AI portfolio in management, or is it dispersed by function?? How is management assessing new opportunities for AI, and how is this reported to the board?? Show us the protections in place for issues like… misinformation, info security, bias in AI models, and legal/copyright concerns.

§ What other areas should our board include in its tech oversight portfolio (machine learning, cloud computing, ransomware, internet of things, metaverse/immersive technologies, robotics, quantum computing)?