New board issues come up on a daily basis. Some come immediately to the forefront and some have to go to the back burner until other pressing matters are handled. But what are those pressing concerns that are garnering instantaneous attention? We asked several directors: What emerging issue is giving your board the most challenge at this moment, and what are you doing to tackle it?
Convergence of Cybersecurity and AI
An emerging issue for one of my boards is addressing the threats posed by the convergence of cybersecurity and AI. Our increasing reliance on digital infrastructures means that a successful cyberattack could have far-reaching consequences, including operational disruptions, financial losses, legal liabilities and severe reputational damage. Therefore, this convergence has increased the complexity and urgency of protecting organizational assets, making it a critical focus for our board to oversee.
We considered the following key challenges when developing a response:
Understanding and managing new threats. AI-driven cyber threats are increasingly sophisticated and difficult to detect. This requires us to stay informed and ensure our cybersecurity strategies are up to date.
Ensuring adequate expertise. We needed to bridge the knowledge gap in AI and cybersecurity to make informed decisions and provide effective oversight.
Balancing innovation with risk management. We needed to ensure that the adoption of AI technologies balances innovation with robust risk management to mitigate cybersecurity risks.
Strengthening supply chain security. AI-enhanced cyberattacks on supply chains demanded that we monitor and ensure that the cybersecurity practices of all third-party vendors are improved.
Navigating regulatory and ethical concerns. We needed to address complex regulatory and ethical issues related to AI in cybersecurity to avoid legal repercussions and maintain stakeholder trust.
Phase one of our approach included:
Conducting a cybersecurity audit. Boards should initiate a basic cybersecurity audit to assess the current state of their organization’s defenses. This involves reviewing existing policies, procedures and technologies to identify gaps and vulnerabilities. Starting with an audit provides a clear understanding of where improvements are needed and can guide further actions.
Enhanced cybersecurity oversight. We have established a dedicated cybersecurity committee within the board, tasked with regularly reviewing and updating our cybersecurity policies, ensuring they are aligned with our growing understanding of the latest threat intelligence and industry best practices.
Board education and expertise building. We have prioritized ongoing education for board members on AI and cybersecurity, including bringing in external experts to conduct workshops and briefings. This has helped us bridge the knowledge gap and make more informed decisions.
Supply chain risk management. Understanding the risks posed by our supply chain, we have begun to implement a comprehensive assessment process for our vendors, ensuring that they adhere to stringent cybersecurity standards.
Incident response preparedness. We have developed and plan to regularly test an incident response plan that includes AI-driven scenarios. This ensures that we are prepared to respond swiftly and effectively in the event of a breach.
Future phases will include finalizing a cybersecurity roadmap that outlines all the key milestones and initiatives over the next 12 to 24 months. Some of the milestones and initiatives in the roadmap will be appointing a cybersecurity liaison, reviewing vendor contracts for cybersecurity provisions and finalizing a plan for encouraging a culture of cybersecurity awareness.
While we have taken significant steps to address the cybersecurity challenges posed by AI integration, we recognize that these efforts are still in their early stages. The convergence of AI and cybersecurity is a complex, dynamic field that will undoubtedly continue to change as we, and the experts who assist us, deepen our understanding and refine our approaches. Our board’s commitment to ongoing learning, adaptation and collaboration is crucial as we strive to protect our organization from emerging threats.
Sherrin Ross Ingram is a member of MLR Media’s Directors to Watch 2024.
Corporate Social Responsibility Dilemmas
The era of scattershot, feel-good corporate social responsibility (CSR) initiatives is giving way to a more strategic and impactful approach aligned with company purpose. As a board member of one company grappling with this shift, I recognize that the board’s role is pivotal. It will be our responsibility to steward effective implementation through a new infrastructure of guidance and evaluation.
Our board is committed to developing a robust, evaluative framework that includes:
Key performance indicators (KPIs). We are establishing clear, actionable KPIs specific to our CSR goals.
Regular reporting and audits. To ensure transparency and accountability, we are implementing regular reporting and both internal and external audits.
Stakeholder feedback. Although we are still in the early stages, we plan to actively seek feedback from stakeholders, including customers, employees and community leaders.
Establishing an evaluative framework won’t be easy, but it won’t be nearly as challenging as answering some of the questions that remain top of mind for me.
Aligning CSR and business purpose. Where is the line? Is there room for CSR initiatives that do not directly impact our business but are important to the communities we serve?
Fostering genuine commitment. How can we ensure that CSR is embraced genuinely across all levels of the organization? How will we integrate CSR into the company’s long-term vision rather than treating it as a series of short-term efforts.
Measuring negative impact. As the board, will we seek to evaluate our credibility by determining whether our company’s business practices are inadvertently undermining the very issues our CSR initiatives aim to address?
These are critical questions that will guide our journey. I am grateful our board is not alone, and I look forward to learning from others as we navigate these challenges and work toward meaningful and effective CSR practices.
Anita Brown-Graham is a director of Blue Cross Blue Shield of North Carolina, Investors Management Corporation and the Research Triangle Park Foundation, and a member of MLR Media’s Directors to Watch 2024.
Technology Is a Strategic Imperative
In today’s rapidly evolving and increasingly risky business environment, technology is not merely an operational tool but a strategic imperative that demands our board’s attention as fiduciaries for the company. Technology is fundamental to competitiveness, operational efficiency, data analytics, risk management, talent development and other vital functions. Rarely does a week go by without new discoveries in AI applications, along with catastrophic news on the technology front, in terms of cybersecurity nightmares, software failures or cloud disruptions. We have been addressing cybersecurity to a significant extent through our enterprise risk management initiatives and will continue to oversee management’s efforts. The board has initiated early discussions on AI and its potential applications in the company. There are also some early planning efforts in which board members advise management on data and predictive analytics. As board chair, it strikes me that we need to give focus and integration to all these technology-related discussions and initiatives. We are now enabling that through adding the topic of technology strategy to the board agenda and initiating an ad hoc technology working group of the board, which may become a formal committee in the future. This committee will comprise both board members and key management representatives, and possibly an outside advisor. Prioritizing technology is not just about staying current; it’s about positioning our company for sustained success in the ever-changing business landscape.
Sam Judd is chair of HEI Civil, a 2024 Private Company Boards of the Year Award recipient, and a member of the board of a prominent family real estate enterprise and family office. He is also a member of MLR Media’s Directors to Watch 2024.