Why cyber security should be at the top of company boards’ agendas
Last weekend, I attended a great workshop in London where board members as well as Chief Information officers (CIOs) and Chief Information Security Officers (CISOs) from various industries (banking, pharma, technology, production and communication) met with CEOs of fast growing software companies to discuss innovative solutions in the areas Cyber Security, Cloud services, robots and artificial intelligence. I had the opportunity to exchange ideas and discuss the distinct challenges we as board members are facing in managing digital and cyber security risk in the boardroom.
I was once again amazed by the possibilities modern technology is already offering and will offer in the future. And I am still optimistic that there will be enough work for humans to do – but it will be in the area we’re really good at: creative thinking.
At one workshop, we discussed robots for software testing. Did you know that 80 % of tests are still done manually? And that we tend to count and evaluate tests cases quantitatively, although that doesn’t say much about the quality, does it? The quality depends on the scope of the tests, the parts you are testing and how you make use of the results. Certainly, this kind of job can be done by a machine and the people could do a more valuable job in looking for the right sample and evaluating the results.
I also learned about the scepticism regarding the hybrid cloud, which is a mix of the public and the private cloud and still not used very much by enterprises, and regarding blockchain technology as some problems such as ownership of private keys, capacity and possibilities to delete afterwards when you find a bug are not yet solved.
The role of board members
We discussed the role of board members when it comes to using innovative technologies and ensuring cyber security. It seems that – from a global perspective – digital developments have only recently entered board discussions. If there’s one good thing to have come out of cyber-attacks like “WannaCry”, it’s that they have raised awareness. It is therefore crucial for companies to prepare themselves. You may say that has long been obvious, but in a lot of companies these discussions and the resulting decisions were left to the IT department. And when IT departments warned about or did not allow the use of convenient solutions like Dropbox or WhatsApp, they were either bypassed or labelled as killjoys.
Why cyber security should matter more
Since the recent cyber attacks, cyber security has become a very prominent topic in the boardroom; cyber risks appear in most risk maps, and all companies have to decide between an ecosystem that is open and therefore more innovative and a closed system, which may be safer. You need to talk about risk appetite and be prepared to take responsibility for this decision.
During the discussions at the workshop, I learned that there are solutions out there for balancing the opposite poles of innovativeness and safety. However, more often than not these solutions have yet to be accepted at the management level – either because the managers don’t know enough about them, or they do not trust them since they “weren’t invented here”, or because nobody feels able to make the decision as either decision makers do not have the necessary knowledge or nobody feels responsible. And most board members just don’t know (yet) how to challenge, consult or encourage managers to take these new paths. Through these discussions, it became clear to me that there is a need for cultural change within companies and in our economy as a whole. But how can board members initiate this change and encourage the management to sustainably implement it in their companies? These are very important questions for me, and I’m sure I’ll come back to them another time.
I mentioned in a former blog post how crucial it is to stay curious and dare to explore new ground even as a non-digital native. Talking to other board members as well as digital experts, this has become even more apparent, and it has shown me the opportunities that can come out of this approach.