The last quarter has seen an upsurge in reported cyber-attacks and what I will call “digital drama”. It has become a mainstream issue—a bit like remuneration—and hard for the population at large to ignore when it grounds British Airways for three days over a bank holiday weekend, as seen in June.
BA’s travails followed soon after the WannaCry ransomware attack, which paralysed vast swathes of the NHS and other industries. The government and professional advisers have been profile-raising intensely within boards over these sorts of issues over the past two years. There are workshops, questionnaires, reports and papers galore.
So, why do companies keep getting got? What are boards and you, as non-executives, doing about it?
WannaCry and other tech risks
As you would expect, upon reports of WannaCry I immediately contacted my boards to ascertain whether it had affected them, and what they were doing to protect themselves from the predicted second wave.
The first surprising response was that they had all heard of it. The second was that they were surprised that I had asked. The third was that only one board was taking positive action. I wonder if BA’s board had discussed the risks involved in outsourcing a mission-critical system—and whether that had anything to do with the airline’s problem or not.
Shareholders should, of course, not worry, as the reassurance from BA’s 2016 annual report is: “System controls, disaster recovery and business continuity arrangements exist to mitigate the risk of a critical system failure.” Clearly they hadn’t tested them.
In many boards the audit committee tends to take the lead on digital matters, mainly because it is the FD/CFO who tends to be the responsible executive on the board. But when boards do a competence review (which is seldom) they often identify as missing current knowledge of digital technology and application.
Is this perhaps a board diversity issue? The average age of a non-executive is 61. So, this is most likely a career that began with no PC, no mobile phone, no internet, no email—no online anything, when IT was an emerging capability, not a mature industry, with all sorts of opportunities to disrupt and redefine our existing businesses.
Perhaps, therefore, boards should consider a younger, more digitally aware membership? It would, at minimum, make the introduction of board software packs a little less troublesome for many company secretaries whose jobs have increased exponentially, as password support for IT-challenged NEDs has moved mainstream.
The known unknowns of technology
Moving on from the operational aspects, boards need to be talking about the strategic challenges and opportunities that digital technology presents.
My experience is that boards find it very difficult to have these conversations: there are so many known unknowns, and that’s before we even get to the unknown unknowns.
And so much of strategy is death by PowerPoint on market share, competition, margin and geography with the odd new product, that it may be difficult to envisage a world without cash, or possibly without banks—let alone where artificial intelligence (AI) replaces an organisation’s support functions.
AI doesn’t make mistakes; it can work 24/7 and doesn’t need weekends off at year-end.
Have you seen Gartner’s predictions for 2020? If not, you should. It would be unheard of to approach a strategy discussion without an understanding of global, political, legislative, economic or environmental drivers. So why is technology not part of the picture?
There are some predictions that more than 40% of back-office functions will be replaced by robots/AI in the next five years. This will change the workplace (and therefore consumer demographics) in ways that will affect every business. This has to be the most important conversation for all boards. Are we up for it? Do we have the right knowledge to have it?
Of course, the other opportunity that AI/digital technology offers us is the ability to replace the traditional non-executive.
Let me introduce the new governance model: RoboNed. RoboNed will offer every aspect of diversity and never forget login details. RoboNed will remember intimate details of previous budgets, forecasts and promises (much to the chagrin of management).
Of course, he or she could be hacked, but then I guess we all can, and then these articles would not be so good.
The Secret NED is a current British board director with 30 years’ experience, who has worked on boards in the FTSE250, small-cap companies and private, family-owned businesses.