Board Chair of the Future (2)

For those who may not have read last week’s column, a bit of a backgrounder for today’s piece.

The global survey conducted by the Global Network of Director Institutes in late 2022 had three parts to it, i.e., strategic priorities of boards broken down in three-year periods.

Last week covered the thinking of boards shortly after the Covid pandemic which expectedly was the need for agility and resilience to survive short-term aberrations and, going forward, how to plan and strategize for future black swan events.

This week I hope to share with you the boards’ priorities about the second three-year period which should be about the years 2025 and beyond. In essence, this period will be focused on the perceived gaps in the organization, the most important of which are the digital expertise governance gaps.

Currently, the assessment is that as much as 55 percent of the boards surveyed believe they do not have the expertise to manage cyber risks, while about 54 percent are unable to cope with the fast-moving digital innovations such as generative AI, both for good as well as for bad.

To illustrate the seriousness of cyber risks, in the US alone as an example, according to the Identity Theft Research Center’s Data Breach Security report, the number of breaches increased by 17 percent from 2020 to 2021, with an average ransomware demand of $6 million per breach with the highest recorded at $10M.

Apparently data breaches are not just a one-time fixable event as social media tech giant Facebook, as reported by no less than founder Mark Zuckerberg, has had its systems breached involving 80 million customers, probably an offshoot of a 2021 data dumping incident of 550 million customers via data scraping in 2019.

In the Philippines, data breaches have become a national security concern deemed by the government to be foreign state-sponsored operations aimed at undermining the country’s sovereignty.

An example was the DFA’s discovery that the personal data of 28 million passport holders may have been compromised. The data could reportedly, according to the DFA, be sold on the Dark Web for as much as $63 per passport containing critical personal details.

It is no wonder that we have such scandals of the Alice Guo variety that is clear proof that in our midst are probably thousands of aliens posing as Filipinos using stolen passport data to engage in restricted Filipinos-only businesses, occupations and elective positions. There are other examples that are as alarming, such as the data of about 70 million registered voters stolen from the Comelec.

And more recently, a hacker group called Medusa, which hacked the data system of the Philippine Health Insurance Corporation stealing 734 GB files of 59 million members, demanded a ransom payment of P17 Million for the return of the stolen data.

Even the private sector is not spared. The Jollibee Group was not too joyful when it announced that the personal data of about 11 million customers was illegally accessed. Robinsons Land, Toyota Motors and the Villar Group also had their systems hacked, according to opinion writer Lloyd Bautista of The Manila Times.

Such massive data intrusions undermine the confidence of domestic and foreign businesses. And it is imperative for boards and not just the managements, whether of big or small companies, to have a firm grasp of the cyber risks that could adversely affect the business and to understand how to mitigate these risks.

The issue, of course, for most boards is whether there are sufficient competencies at the board level. The survey noted that about 45 percent of boards acknowledged the need for a clear, sound long-term strategy to ensure success, and to identify gaps through an objective assessment, deemed an important priority by 52 percent of the boards surveyed, best done by third-party board evaluators, of the company’s board members as to diversity, skills level and corresponding complementing capabilities.

And to be truly successful for the long term, what should be gone are the days when political or friendly appointees of the major shareholder was the norm for a board appointment according to 32 percent to 42 percent of the respondents.

Other critical priorities identified are the need to have constant strategic dialogues between the board and management, noted by 60 percent of survey respondents; and by 47 percent of the respondents, defining clear forward-looking metrics and KPIs to avoid undue reliance on past performance; and for another 47 percent, improving board analysis and decision-making processes with the use of data analytics.

Until next week… OBF!

***

For comments, email bing_matoto@yahoo.com.