According to two Deloitte directors writing in USA Today, the 48% of enterprise boards of directors that have a risk committee may not be sufficient to meet the threat. Depending on the firm and the industry, more boards may be due to establish such a committee. More risk committees may need to recruit a cyber security expert. And more boards may need to establish a separate committee to deal with Internet and other technology threats. All boards may benefit from the engagement of more external experts to inform them on the risks to the firm of cyber crime and technology failure.
From critical infrastructure to intellectual property, regulatory compliance, and technological competitiveness, the risks that a technology-related failure poses to the assets and performance of the firm are ever growing. Many corporate management structures are inadequate for ensuring risk mitigation, and it is the responsibility of the board to ensure that management is aligned with corporate needs.
The authors of the piece don't identify the responsibility of corporate management to alert its board to the risks for the company. For management, taking such a message to the board, particularly without recommended action steps, may seem at odds with maintaining favor with the board. It is nonetheless the responsibility of management, from the CTO and CIO to the CEO, to see that the board is successfully engaged in such a dialogue. Brutally honest communication on the stakes involved may be the best opportunity management has to align the organization with its vital technology requirements.