• About us
  • Raising the Bar
  • Raising your Game
  • The Extra G - Geopolitical
  • Risk Matters - Roundtables
  • Leadership Team
  • Events
  • Blog
  • Contact
  • Menu

The Risk Coalition

  • About us
  • Raising the Bar
  • Raising your Game
  • The Extra G - Geopolitical
  • Risk Matters - Roundtables
  • Leadership Team
  • Events
  • Blog
  • Contact

What should boards know about digital technology?

March 20, 2024

Digital technology continues to drive immense business opportunity, and with that comes an ever-increasing need for boards to understand and mitigate significant risks.

Cyber security

Recent ransomware attacks impacting various NHS Trusts, Royal Mail, and The British Library to name just a few illustrate the ever-present threat of cybercrime. Data breaches can cripple businesses, eroding finances and customer trust. Non-executive directors shouldn’t shy away from technical jargon but instead seek clear explanations to understand threats such as phishing emails and social engineering tactics. Boards should support and challenge the executive team to provide data and insight around the identification of assets and threats, the assessment and prioritisation of risks and the management and mitigation of those risks. It is crucial that boards have a positive attitude and a culture that views a cyber-attack as inevitable, employing the resources required to identify and implement security measures and plan for incident response.

Data governance and privacy

Data is arguably an organisation’s most valuable asset, but mishandling it carries hefty fines and reputational damage. Non-executives can help ensure a board prioritises data governance and privacy by asking questions to understand how customer data is collected, used, and protected - as well as about how the organisation is compliant with GDPR and PECR regulations. Strong data governance minimizes risk and safeguards reputations.

Emerging technology

Artificial Intelligence (AI), blockchain, and the Internet of Things (IoT) are revolutionising industries. Non-executives should spend time understanding these trends to identify both opportunities and potential risks. AI can drive creativity, efficiency and entirely new business models but also be biased, lack transparency and displace jobs. How are responsible organisations even equipped to manage the substantial legal and ethical considerations of AI? Blockchain can drive transparency and efficiencies but is also energy-intensive and unregulated. For IoT, the benefits around automation and user experience are vast, but security weaknesses, privacy concerns, and a lack of standardisation can create problems.

Digital transformation

Digital transformation isn't just about technology – it's a cultural shift. While it can streamline operations and enhance customer engagement, it naturally carries risk. Boards should scrutinise the proposed strategy: are the goals, budgets, and timelines realistic? Regularly monitoring progress and ROI is crucial. However, the biggest risk may be complacency. A culture of continuous learning and adaptation is required, equipping the workforce with the culture and skills to navigate the ever-evolving digital landscape.

By actively managing these risks, and by engaging in necessary ongoing learning, boards can ensure their organisations become not just tech-savvy, but also risk-savvy, effectively guiding organisations towards a successful digital future.

Neil Tinegate is non-executive director with a strategic skillset and deep expertise in digital transformation, technology, innovation and customer. He will be expanding on his views contained in this blog in a Financial Times NED Conversations event on the 14 May 2024.

Tags: Neil Tinegate
Prev / Next

Blog

Featured
Apr 15, 2025
Vera Cherepanova
The future of ESG: navigating a fragmented landscape
Apr 15, 2025
Vera Cherepanova
Apr 15, 2025
Vera Cherepanova
Mar 6, 2025
Mo Warsame, Gavin Hayes
Internal audit and risk management must work together to navigate uncertainty
Mar 6, 2025
Mo Warsame, Gavin Hayes
Mar 6, 2025
Mo Warsame, Gavin Hayes
Sep 4, 2024
Polly Williams, Mia Harris
Three key threats of phishing to be aware of
Sep 4, 2024
Polly Williams, Mia Harris
Sep 4, 2024
Polly Williams, Mia Harris
Aug 25, 2024
Felix Ritchie
Principles versus rules in data and corporate governance
Aug 25, 2024
Felix Ritchie
Aug 25, 2024
Felix Ritchie
Jul 16, 2024
Jane Hunter, Mia Harris
How can you maintain high standards in your business without suffering burnout?
Jul 16, 2024
Jane Hunter, Mia Harris
Jul 16, 2024
Jane Hunter, Mia Harris
Jun 2, 2024
Afshan Moeed
Enforcement of individual accountability in UK banking: a new boardroom recipe for change or continuity?
Jun 2, 2024
Afshan Moeed
Jun 2, 2024
Afshan Moeed
May 28, 2024
Craig Morris, Mia Harris
Three exciting new developments for AI in 2024 that you need to know about
May 28, 2024
Craig Morris, Mia Harris
May 28, 2024
Craig Morris, Mia Harris
May 24, 2024
Stefan Hunziker
The stuff of nightmares: risk management is shut down, and nobody notices
May 24, 2024
Stefan Hunziker
May 24, 2024
Stefan Hunziker
Mar 20, 2024
Neil Tinegate
What should boards know about digital technology?
Mar 20, 2024
Neil Tinegate
Mar 20, 2024
Neil Tinegate
Mar 15, 2024
Francis Kean
The insolvency risk for company directors - are you swimming naked?
Mar 15, 2024
Francis Kean
Mar 15, 2024
Francis Kean
Feb 29, 2024
Andy Watkins-Child
Are you sitting comfortably?  Cyber risk, board attestations and the implications for NEDs
Feb 29, 2024
Andy Watkins-Child
Feb 29, 2024
Andy Watkins-Child
Oct 24, 2023
Mamun Madaser
Risk management and internal audit should collaborate to navigate the poly-crisis of risk
Oct 24, 2023
Mamun Madaser
Oct 24, 2023
Mamun Madaser
Oct 18, 2023
Jim Watson
How to mitigate the risk of cyber security breaches – part 2
Oct 18, 2023
Jim Watson
Oct 18, 2023
Jim Watson
Oct 13, 2023
Nisha Sanghani
Risk management and internal controls: much (needed) work to do as a result of the proposed changes to the UK Corporate Governance Code
Oct 13, 2023
Nisha Sanghani
Oct 13, 2023
Nisha Sanghani
Oct 9, 2023
Jim Watson
How to mitigate the risk of cyber security breaches – part 1
Oct 9, 2023
Jim Watson
Oct 9, 2023
Jim Watson