February 10, 2021

Board Technology Committees: SolarWinds & Infodemic Reignite the Conversation

Last summer, Liz blogged about one take on what a “stakeholder” board could look like. She noted how some view re-examining the board’s structure as an opportunity to more closely align the board with strategy & culture.  As much as stakeholder interests are in the spotlight, so is the concept of business transformation – which, among other things, often relates to advancements in digital and AI technologies.

Not only that, but stakeholders will be holding companies accountable for failures to safeguard data and systems. The SolarWinds hack from late last year shows that vulnerabilities are constantly being found and exploited – and we’re facing a pretty dystopian future if those weaknesses aren’t addressed.

We’ve blogged several times over the years about the appeal of board technology committees and the need for a digitally savvy board. But recent events are reigniting that conversation. Just today, Liz blogged on the Proxy Season Blog that ISS ESG will now be rating boards on information security risk management & oversight as part of QualityScore. A couple of recent articles offer views on board oversight related to data integrity and digital and AI technologies – and serve as a reminder that the need for board technology expertise isn’t likely to diminish:

In a HBR article, Brad Keywell, founder and CEO of Uptake Technologies, makes an argument for creation of a board-level “data integrity committee.”  Keywell asserts that data integrity is foundational and that operational data is a company’s most undervalued and risk-embedded asset.  Observing that data integrity lacks a specific guardian in most corporate governance structures, Keywell says companies that want to stay ahead of the curve should have a board committee take the lead.

In another article, Karen Silverman, CEO and founder of The Cantellus Group, says boards need a plan for AI oversight in context of the company’s mission and risk management. Silverman suggests boards be proactive to ensure they have a plan for AI oversight so they can leverage the benefits of AI while also considering the legal, regulatory, brand/reputational and business continuity risks it presents.

With directors already stretched thin, boards may be reluctant to form yet another committee. But leading IT research and advisory firm, Gartner, predicts 40% of boards will have a dedicated cybersecurity committee by 2025. Some companies have already moved in this direction – here’s a recent Accenture blog citing several examples of companies with a dedicated board level technology or cybersecurity committee. The blog opines that a dedicated committee is useful because it allows the board to focus on digital or cybersecurity risk – as well as the upsides & downsides of advanced technologies. This sends a strong signal to not only stakeholders, but also hackers.

For boards thinking about structure and expertise needs, check out our “Board Composition” and “Board Succession” Practice Areas and for memos about cybersecurity and the board’s oversight role, see our “Cybersecurity” Practice Area.

Resource for Board Composition Data

For those who work frequently with boards, you’ve probably been asked to pull together comparative board composition data.  Among other things, questions about board tenure, mandatory retirement, average age and board size are not uncommon.  To help answer those questions in a pinch, Spencer Stuart has an interactive comparison chart that provides key data for each S&P 500 sector.  You’ll also find more resources in our “Board Composition” Practice Area that can help when you’re on the receiving end of an unexpected call from one of your board members.

Tomorrow’s Webcast: “Audit Committees in Action: The Latest Developments”

Tune in tomorrow for our webcast – “Audit Committees in Action: The Latest Developments” – to hear Consuelo Hitchcock of Deloitte, Josh Jones of EY and Mike Scanlon of Gibson Dunn discuss evolving audit committee oversight responsibilities, updates to the auditor independence rules, the impact of Covid-19 to oversight of internal controls, internal audit risk assessments and external audit assurance for ESG data.

– Lynn Jokela