Cyber Security, Data Privacy, AI Related Issues Require Focus Now

India Inc stands at a crossroad today. The rising tide of ESG (environmental, social, and governance) considerations present both challenges and immense opportunities for businesses. Can the abundant tech talent be leveraged for a transformation? 

Board oversight priorities often divide between what the various directors of the  board say matters to them, as against where they actually dig down and devote time and resources. The former topics are ones that most make the news, while the latter are hard-line issues that keep directors, CEOs and legal advisors awake at night. 

DEI (diversity, equity and inclusion) and ESG concerns, for example, have become topics for roundtable discussion, consulting advice and thought leadership articles on governance. Measures for both have worked their way into corporate reporting worldwide, on topics as broad as carbon footprints, diversity, sustainability, stakeholders, and energy usage. ESG and DEI policies have real-world financial and legal materiality consequences today, but both see increasing uncertainty and second thoughts. Some event say that organisations are only paying lip service and not internalising it. Corporations face a global minefield of legal requirements and conflicting agendas on ESG topics, and those seeking to pitch themselves as sustainability leaders can find themselves fending off greenwashing claims. 

DEI, meanwhile, faces a rough patch in the USA. A growing number of US States are legislating bans on DEI policies at state institutions, and corporations increasingly avoid discussion on their diversity, equity and inclusion projects. 

But there is another hot area of governance concern for all businesses, one that is on a major upswing – it is also very international, and brings serious consequences for failure. This is the broad, fast-changing topic of technology. 

As with DEI and ESG, tech matters are a topic of intense discussion amongst the grey-haired board members globally. However, artificial intelligence, cyber security, data privacy, IoT and related fields now bring immediate legal and regulatory demands that any board, anywhere, must focus on. Cyber security and data protection rules with strong safeguards are in place worldwide, and expanding exponentially. AI regulations in Europe, the USA, China, Japan and most other nations impose tough accountability and disclosure. 

This suite of worldwide and regional rules covers a broad range of topics, from protection of customer data, to limiting the nations where customer data can be housed, to banning online “misinformation,” to prohibiting use of AI tools for deep fakes or pirating intellectual property. The laws lay out many penalties companies can face for failures, but, just as crucial for boards, they demand extensive reporting and disclosures, all of which boards must verify. At the beginning of this year, 77% of global CEOs surveyed by PwC are worried about potential liabilities arising out of AI in the coming months and years.

What it means is that while your board must monitor and meet growing ESG pressures, the technology rules are powerful, broad, multinational, and often bring scary liabilities and penalties for oversights. So guess which of these issues really keep board members awake?

Tech areas for board focus

Technology issues are fast moving, complex, interconnected, and often industry specific. Therefore, the first task facing a board is laying out the specific areas to be monitored, how they overlap, and how they apply to each company. Here is a checklist to start your governance planning:

First, assess the tech areas lister hereinbelow for how they impact your specific company (by sector, by stage of growth, and future strategy); How the board will monitor and encourage the opportunities they can present; what risks they present both internally for failures and breaches, and externally for liabilities and enforcement actions; how effective internal controls are for monitoring each tech area; cross-area assessments (how will a new technology – or oversight failure – have an impact in other areas); budgeting plans and projections; management and board structures for overseeing change and advances; what talent expertise exist in each area; what all public, regulatory and stakeholder messaging exist on technology; what insurance and hedging protections cover for failures.

As to the tech areas themselves, start with cyber security. How well and how often does the board or committee interact with the company CISO (or whoever handles that function)? What are our event materiality standards? How is our cybersecurity risk assessment structured, conducted and disclosed? How do our intrusion protections compare to current best practices? How are incidents and security audits reported to the board?

Next comes data protection. What is the maturity of our data protection controls? How comprehensive and up to date is the inventory of our company data? What laws and regulations apply to our data storage and usage, and how are we apprised of coming changes on this? Where is company data housed, internally and externally (including overseas locations that may have differing data privacy laws)? Who monitors our third-party vendors? What data management/hygiene frameworks do we have in place?

Third is AI. How is generative AI and related capabilities currently being used in the company, and what pending plans do we have (immediate, three-to-five years)? What is the state of our staff expertise on AI technology? What is the state of our board expertise? Who “owns” the AI portfolio in management, or is it dispersed by function? Is our current structure the best (and why)? How is management assessing new opportunities for AI, and how is this reported to the board? Show us the protections in place for dealing with AI issues like… misinformation, info security (AI can gobble company data and spread it around), bias in AI models, and legal/copyright concerns.

What other areas should our board include in the tech oversight portfolio (machine learning, cloud computing, ransomware, internet of things, metaverse/immersive technologies, robotics, quantum computing)?

M. Muneer is a Fortune-500 advisor, startup investor and co-founder of the non-profit Medici Institute for Innovation. Ralph Ward is global board advisor, coach and publisher. 


This website uses cookies. By continuing to use this site, you accept our use of cookies.