Beware the digital governance gap

Published on Wed, 21/12/2016 - 13:51

Two thirds of UK boards have not set their company's appetite for digital risk and over half have not estimated the financial impact of a cyber breach. Julia Graham warns business leaders this is not good enough.

Writing in Finance Director Europe, a magazine for UK finance directors and senior management, Ms Graham warned that although boardrooms are concerned about digital risk, they are not yet taking ownership of the risk.

"Even today, digital topics are often left to those who "best understand" them as there is an inherent fear of the unknown," she wrote. "Nobody likes to appear ignorant especially when questions about technology are raised - it is too easy to look the other way and expect those in the technology team to field the answers."

She noted that two thirds of UK boards have not set and understood their company's appetite for digital risk, and the majority of companies are still failing to estimate the financial impact of an attack on their systems and data. 

What's more, she argued that senior executives tend to overestimate the extent to which they are insured, with over half of CEOs believing they have cyber cover, when the reality is less than 10%.

"Board members don't need to be digital experts; however, because the digital world will penetrate all aspects of the organisation, they will be expected to have enough knowledge to ask the right questions of the right people. Executive digital education is a key area for action." 

The explosion of business opportunities opening up as a result of the digital revolution is on a different scale to any development in living memory. This is not news to businesses: they are investing heavily in the resources to exploit this. Ms Graham warned, however, that organisations have a tendency to focus more on the opportunities than the risks. 

Ms Graham's article noted that digital risk is different to other risks because the scale of change is such that digital will become embedded in everything a business does. "As a result digital risk isn't a standalone risk that can be neatly categorised. Instead, it creates a different business context and will become a dimension of almost all risks as well as opportunities." 

She added: "The pace of change as we move towards a digital world will be exponential and will seem daunting. But what is clear is that digital governance has to become part of the DNA of any company that wants to be resilient and successful in the digital world." 

Read the article in full on the FDE website.

Julia Graham - Airmic Deputy CEO