The historic pace of advancements in technology is reshaping industries and challenging all business models. Boards at public companies of all sizes and in all industries should ensure they have the tools to fulfill their fiduciary duties in this age of innovation, with respect to opportunities as well as enterprise risks. To that end, every board should ask management to proactively address opportunities and enterprise risks arising from advancements in technology and innovation, adopt procedures that ensure board members have relevant knowledge of (and perhaps expertise on) the latest advancements in technology, and implement structures that facilitate board members' fulfillment of their fiduciary duties with respect to technology and innovation.
The Pace of Innovation: How Boards Must Respond
Technological innovation is taking place at a pace unprecedented in human history, which challenges board members to effectively oversee and guide their companies' performance. To fulfill their duties in this environment, board members should proactively ask management to address opportunities and threats relative to technology and innovation at regular board discussions. To stay up to date with respect to the latest advancements in technology during such discussions, boards should ask management to consider technological advancements applicable to their company, cybersecurity risks and the company's compliance with the evolving regulatory environment relative to technology, in particular with respect to data privacy laws. Such discussions may serve as a platform for the exploration of emerging technologies and the potential impact on the company's strategic objectives.
Recent cybersecurity events confirm that data security will remain at the forefront of a board's compliance oversight obligations for the foreseeable future. Boards must actively address and stay informed about recent cybersecurity incidents and encourage management teams to formulate comprehensive action plans to mitigate potential cybersecurity incidents and prepare any disclosure required by regulatory bodies governing cybersecurity incidents, now including the SEC, which recently adopted rules regarding cybersecurity disclosures. By taking a proactive stance on cybersecurity, boards can contribute to safeguarding the company's sensitive information, assets and reputation in an increasingly interconnected digital environment.
Keeping Up with Technology
Ensuring that board members are receptive to technology and maintain a curiosity about its impact on the company's performance is vital to a board's effective oversight obligations. Boards should foster a culture that encourages its members to engage in continuous learning and adaptation to technological advancements. One effective strategy is to invite senior technology officers, such as the company's chief information officer or chief information security officer, to periodically present to the board about recent trends in technology and innovation observed during the performance of their day-to-day activities. Such discussions are likely to offer valuable insights into recent technology advancements and allow for transparent, two-way dialogue between the board and the management team.
It is crucial, however, to strike a balance between the board's oversight role and management's operational decisions regarding technology. While the board is tasked with providing high-level strategic guidance, management teams should feel empowered to make day-to-day decisions concerning the company's technology strategy. This collaboration ensures that the board's expertise is leveraged for high-level strategic direction, while operational decisions may benefit from the management team's in-depth understanding of the company's specific technological needs.
Technology and Board Structure
Although recently considered by the SEC and discussed by the exchanges, public companies are not currently required to ensure that their boards include a cybersecurity expert. However, recognizing the importance of cybersecurity expertise in the current digital age, boards and corporate governance committees should consider the cybersecurity backgrounds of all director nominees. This proactive approach will ensure the board has the necessary knowledge to navigate the evolving cybersecurity environment.
Additionally, a growing number of public companies across all industries have established some form of technology or innovation committee, although this is not a regulatory requirement. In general, the purpose of a technology or innovation committee is to assist with the board's oversight and support of technology and innovation-related matters, including digital commerce initiatives, cybersecurity and data privacy oversight, and intellectual property matters. Notable public companies that have established dedicated technology or innovation committees include Nordstrom, Carmax, Medtronic, Procter & Gamble and Sysco. Boards considering the adoption of a technology committee may reference the technology committee charters of these companies to determine the appropriate approach for the company.
The rapid advancement of technology demands a proactive and strategic approach from boards of public companies across all industries. Encouraging regular board discussions related to innovative technology updates, fostering a two-way dialogue between the board and the management team, and proactively establishing structures such as technology committees are essential components of an effective strategy for boards to ensure that their company's technology goals are met and technology threats are monitored. To adapt to the trends in the current digital age, boards may consider embracing these practices to effectively fulfill their duties in navigating the ever-changing technology and cybersecurity environment.
Originally published by Directors & Boards.
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.
