5 tips for CIOs to better connect with boards

The impact of disruption on existing business models is one of the great themes of modern business. Survival of a business today can rely on quality of digital infrastructure or information security. Directors and boards are increasingly conscious of contemporary risks and the need for digital strategy to be on the agenda.

The recent Institute of Directors (IoD) NZIER Director Sentiment Survey indicates that cybersecurity and digital strategy are on the minds of directors in an unprecedented way. Nearly half of those surveyed expect to face major technological and business disruption within the next two years.

Boards are now seeking executives with technology know-how so they can better understand emerging cyber-risks. The trend is an international one. For example, JPMorgan Chase & Co, PepsiCo Inc, Cardinal Health Inc, Deere & Co are just a handful of Fortune 500 companies that have hired chief information security officers (CISOs) in recent times.

The hunger for high quality advice means that good boards are increasingly turning to the CIO for guidance and information. But are technology experts engaging with the board in the right way to stake their claim to the C-suite?

Traditionally, the answer may have been no. Technology was often treated as an operational matter, overseen by a highly specialised business unit, staffed by narrowly skilled experts. Sometimes this perception may have been unfair, governed by historic interaction between the board and the technology team.

Times have changed. Boards are now seeking technology executives properly inform and educate and educate them on cyber-risks. There has never been a better time for CIOs to make a difference at board level. This means ensuring the board understands the strategic opportunities and risks that a digital strategy provides.

The Institute of Directors has five tips for CIOs to better connect with the boards to which they report:

1.Get digital strategy on the board agenda

Put cybersecurity on the agenda before it becomes the agenda. If the strategy is not on the agenda, you may just find that directors will meet its inclusion with relief. The board needs to be aware that a digital strategy is a key part of the strategic planning and risk management of the organisation. Cybersecurity needs to be understood as an enterprise-wide risk management issue, not just an IT issue.

2.Give your board the IoD Cyber Risk Practice Guide

It’s based on international best practice and available free to members of the public. The guide is designed for directors using five useful principles to help them contextualise their role in digital strategy. ConnectSmart, the GCSB and the private sector on the initiative have given their compliments.

3. Become a trusted advisor to the board

The CIO needs to learn to understand what drives their board, the strategic issues that the board should understand and the technological environment in which the company is operating. What are competitors doing? What risks looms on the horizon? How can we position ourselves to face disruption?

Categorise the risks the board faces. Board and management discussion of cyber-risks should include identification of risks and which to mitigate or transfer including specific plans associated with each approach. Consider taking an IoD course to learn more about how directors think.

4. Speak the language of the board

This means working with the CEO to identify what they will focus on. Use examples and metaphors and work to demystify technical matters. Understand what you want from the board as a starting point. Explain costs in a simple and straightforward way. Understand the IP including the tangible and non-tangible technology assets of the company.

5. Recognise technology is part of a suite of concerns the board is considering

Technology is not a new subject but it is finding a new place at the board table. Remember that it is part of a range of strategic issues, risks and priorities the board is considering. The competition for oxygen at the board table is tight and ranges from financial reporting, health and safety through to people and culture issues. The imperative is to be concise and focused in your advice.

There has never been a better time for the CIO to stake a claim as a valued advisor to the board. The growing awareness and importance of the role is a great opportunity to become visible and relevant.

Simon Arcus is the CEO of the Institute of Directors NZ.