Corporate boards face digital transformation challenges, particularly within the areas of cybersecurity, and lack the technical expertise needed to guide decision-making efforts.

A report from Diligent Institute, based on a survey of 300 directors, found fewer than half of the companies surveyed have technical expertise within their boards.

Many corporate board members are also finding that delivering rapid business value through digital transformation often requires 12- to 36-month long initiatives, where value doesn’t begin showing up until later towards the tail end of the effort.

Dottie Schindlinger, executive director of Diligent Institute, notes one report finding that has remained consistent for several years is directors find cybersecurity and digital transformation to be the top two most challenging areas to oversee in their board role.

“These tend to show up in the top three on this list year after year,” she says. “Perhaps that’s not too surprising, as both cybersecurity and digital technology are ever-evolving areas of risk and opportunity, and most directors are not dealing with them day to day from an operational standpoint.”

That, combined with directors’ expectation that digital strategy would also dominate companies’ attention in the coming year, Schindlinger said one would expect their comfort level with technology would increase as well -- but that’s not what the data indicates.

The ‘Foreign Language’ of IT

“There are several factors that make digital transformation challenging for board members to oversee,” she says. “First, digital technology itself is still a relatively new field. Unlike finance, which has been studied and perfected over two centuries, we’re still grappling with the best ways to manage and mitigate the risks associated with digital technologies.”

She points out both digital innovation and the associated risk landscape evolve rapidly, which makes it hard to stay current, even if digital technology is central to your day job.

“Second, for most directors, deep discussions of digital technology can feel like a foreign language,” she adds. “At a global average age of 62, most directors began using digital technologies late in their careers; previous few directors ever held a technology leadership role at any point in their careers.”

These means most directors need better education in issues related to cybersecurity and digital transformation.

“Third, most boards aren’t structured or positioned particularly well to oversee digital transformation and related risk,” Schindlinger says. “They don’t have enough digital expertise represented, nor do they have committees in place dedicated to digital transformation and innovation.”

In addition, boards are just now realizing the benefits of using tools like dashboards and other sources of real-time insight to help them stay current on developments and make better, faster decisions.

“This needs to happen much faster in order for them to keep pace with the rapidly evolving risk landscape here,” she says.

Overwhelmed with Transformation Efforts

Jasmeet Singh, executive vice president, global head of manufacturing for Infosys, explains the investment community and market dynamics don’t allow such timeframes anymore.

“Aligning multiple transformation initiatives so that the whole is bigger than the sum of parts and not the other way around is key,” he says. “With the proliferation of SaaS solutions and emergence of new buying centers, it is easier than ever for overlapping initiatives to be kicked off with a potential to create business and enterprise architecture complexity.”

To make it work, Singh says firms need to concentrate on three pillars, and four recommendations.

The three pillars are live data, product-centric operating models, and responsible risk taking, while the four recommendations are prioritizing culture, reducing digital friction, building tomorrow’s skills today, and delivering change in bite-sized chunks.

“They must pivot quickly and focus on product-centric value delivery -- or organizing the business around the flow of value through the firm -- to accelerate product delivery and get closer to the customer,” he says.

Singh points out everyone is digital now -- it is how technology is used that will be the differentiator.

“This means doubling-down on things like data-driven culture, new business models, and customer engagement,” he says. “It will also mean focusing on innovation and going green through market-differentiating net zero initiatives.”

He adds that in the face of geopolitical and social challenges, companies will need to pivot quickly. “Creating a rapid test-and-learn, agile culture will become more important,” he says.

Leveraging the Tech C-Suite

Schindlinger strongly encourages boards to leverage the digital and cybersecurity leaders of their organizations (e.g., CIO, CISO, CTO) as strategic partners, having reports and education from those teams as regular features of board meetings -- and to not wait until there has already been a problem.

“These individuals don’t ‘own’ digital strategy for the company, but they are in a great position to help inform the strategy, calculate the necessary investment to pull it off, and highlight the associated areas of risk,” she explains.

Furthermore, IT leaders should not only have a seat at the board table, but given the level of risk they are shouldering, they should be given some protection. “Right now, it’s rare to find a company offering directors and officers liability coverage to their CISO, but why?” she asks.

Often, it’s the CISO who is being hauled into court when there has been a major data breach, even if that same CISO was arguing for better investment in cybersecurity for years and failed to receive support for the expenditures from the board and executive team.

“Just as companies routinely do for their CFOs, they should provide some protection and support for their CISOs,” Schindlinger says. “I fear that companies that don’t do this are quickly going to find they have trouble hiring the best talent for these critical roles.”

What to Read Next:

Can You Measure the True Costs of Being a Data-Driven Business?

Cybersecurity Just Became a Board Issue for Real

IT Leaders as Advocates for Continual Change