Less than one in ten board members have ‘strong tech experience’ despite the rise of significant cyber threats.
A new report has said there is a severe lack of focus on tech capabilities at the corporate governance level – specifically when it comes to cybersecurity.
Titled the Ireland Board Index Report and released by management consulting firm Korn Ferry, the document tracks performances and the latest trends in one of the EU’s most active corporate landscapes, Ireland.
Findings from the survey indicate that just 9% of Irish board members have “strong tech experience,” – which in this case is defined as “significant time in the [tech] industry or a digital function within another industry.”
This lack of experience is despite a huge increase in the threat level from bad actors within the digital space over the last few years.
“In 2021, reported cybercrime fraud offences rocketed by 111%, compared with 2020 levels in Ireland,” the report says.
“Boards are still under represented in terms of technology talent and digital skills. Identifying and recruiting the right candidates will require considerable effort and the willingness to include more lateral thinking and explore a wider talent pool.”
The findings come at a time when Irish companies – much like their counterparts across Europe – settle into the “new normal” of post-pandemic working.
For nearly two years, lockdown restrictions and remote working combined with continuing globalisation formed the most digital-dependant professional era so far. And as the world has moved online, so too have criminals. According to the most recent statistics from state broadcaster RTE, Ireland alone has seen increases in card fraud, online investment scams, phishing, blackmail, and extortion.
“Tech transformation is more important now than ever, with organisations having less time to transform,” said Patrick Kennedy, chair of Bank of Ireland, one of the most prominent financial institutions in the country. “Whatever time you thought you had is now even shorter.”
The Index Report noted that convention requires organisations to take a “digital-first” approach to cybersecurity if they want to take full advantage of what the field could offer. “Some organisations are setting up transformation committees.”
Previously, if a chief information officer was the only one in a company with in-depth tech experience, that was enough. The report suggests that success depends on many board members – or possibly all – having some tech experience on their CV.
It also hinted at one crucial knock-on effect of this effort: the recruitment of younger board members, reducing the current average of 62.5 for executive directors and 61.6 for non-executive directors.
Where organisations might value age as an indicator of experience, the logic might not be as sound in this particular context.
Indeed, Europe continues to suffer from a general cybersecurity skills gap, according to ENISA, the EU agency responsible for the industry.
Trying to navigate that skills gap to find the appropriate people to take up board positions may be more difficult in the short-to-medium term unless younger candidates with newer qualifications are recruited.