Across industries, how well companies fare over the next decade will depend largely on their ability to embrace transformative technology. Advances in areas like artificial intelligence, machine learning and cloud migration are driving the evolution of virtually every business model, as companies scramble to leverage the myriad capabilities they offer.
But the rewards of winning the digitization race—improvements in speed to market, customer experience and operating efficiencies—come with a caveat, noted Nazif Sharique, partner, technology and risk consulting at RSM US. “This uptick in the emergence of digital transformation can really elevate your risk profile in terms of cyber threats,” Sharique told directors gathered for a recent Corporate Board Member roundtable discussion hosted in partnership with RSM. “As your company becomes more technology based, there’s a need to calibrate heightened vulnerability into your digital landscape.”
For boards, the idea of assessing and addressing cybersecurity risks associated with technology during the transformation process represents a formidable challenge, agreed several directors participating in the discussion. “On the boards I serve on, the two areas are siloed,” said Cynthia Hostetler, a director at Vulcan Materials and Resideo Technology. “We talk about cyber when we talk about security, which includes physical security, not when we talk about AI.”
While the audit committee traditionally owns oversight of cyber-related risks, more and more boards are rethinking where digital transformation and IT-related risks fit into their committee charters. Amneal Pharmaceuticals, for example, created a new technology and risk committee charged with navigating oversight of the area. “The audit committee was covering such a broad definition of risk that the agenda was getting far too long,” explained Emily Peterson Alva, a director at Amneal. “So, in the past year, we created a committee that oversees what we think about as forward-looking and strategic risks, which include things like regulatory, security and other technology-related risks.”