Technology Experience a Must for Board Composition

Published: 18 Jan 2024
Type: Insight

Corporate governance is an enterprise-wide endeavour that addresses all aspects of an organisation. Obviously, the most material, if not critical, aspects of the organisation should receive corporate governance priority.

Since there is not an organisation, in either the public or private sector, whose existence and success does not depend on information technology, it is reasonable for investors and regulators alike to expect that all boards would make it a priority to include a technology-savvy director.

Pervasively, that is often not the case despite history’s lessons.

With Y2K came the first realisation that boards were generally unprepared to anticipate, plan for and avert systemic IT infrastructure risk. I saw that first-hand when I served as special counsel to the Ontario Securities Commission on the legal implications of Y2K for the companies that the OSC regulated.

Soon after Y2K, as legal and audit professionals were still formulating their Y2K “lessons learnt” guidance, the “year of the accounting scandals” (2002) arrived. The broad and instructive inquiries into those scandals threw a very bright light on the inseparable relationship between sound financial management, data integrity and IT governance.

In the years that followed, a great deal of debate ensued about the need for IT business experience to be represented on boards.

From the Ivy Business Journal article (September-October 2004), titled “What Boards Don’t Do But Must Do About Information Technology”, to the 2005 Harvard Business Review article on the need for increased IT governance, titled “IT and the Board of Directors”, it had become clear that boards of directors needed to embrace the fact that their IT infrastructure was a critical dimension of their operations that had previously been overlooked.

The second era of IT governance arrived in the 2010s with the advent of cybercrime, malware, digital sabotage and attacks on businesses of all types.

In 2016, Dambisa Moyo’s Harvard Business Review article, titled “Does Your Board Need A Tech Expert?” reviewed the inherent benefits of IT expertise on the board and concluded, in part, that “… as businesses derive a more direct or significant part of their inherent value from technology, they’ll need access to independent experts (on the board) with deep understanding of technology as a key driver of the company’s fundamental value proposition — people who can check and challenge management’s recommendations”.

It was the paradoxical juxtaposition of companies that had a critical dependence on IT yet had little IT experience on their boards that led securities commissions and other regulators to address that governance deficiency head on.

For example, Britain’s Financial Conduct Authority has called on boards to be far better equipped to oversee IT risk (speech of the FCA’s COO to the 2017 Cyber Security Summit), and the Canadian Securities Administrator’s 2016 Staff Notice 11-332, calls on registrants to manage all forms of IT risk with accountability at the board level.

The Bermuda Monetary Authority has issued similar regulations that require direct board oversight of IT, third-party IT services, data, cyber and related operational risks by the financial service enterprises they regulate.

Over the past few years, IT operations have only become more complicated. Cloud solutions come in many different types and risk profiles, and the contractual requirements for the delivery of software solutions and IT infrastructure “as a service” bears no resemblance to a licence agreement.

The highly beneficial uses of intelligent systems, such as AI, simply increase the stakes of operational risk, and access to data for advanced analytics is now highly encumbered by regulatory restrictions as well as data protection and privacy laws.

Yet many corporate boards still do not have the resident IT business and governance expertise that is commensurate with their enterprise’s reliance on IT to survive and flourish, let alone to better evaluate and oversee transformational IT projects that are undertaken by management.

As well, many risk management board committees have also failed to retain IT business professionals to assist them in their IT oversight functions.

The Corporate Governance Institute’s November 2023 report, “Adapt or Perish: The Technology Challenge for Boards”, concluded with this guidance: “The demands on board members have never been higher. Securing good standards of corporate governance have never been so challenging — including governing technology.”

Does it make sense to have a qualified director on the board who also has technology business experience and expertise? If not now, then when?

First Published in The Royal Gazette, Legally Speaking column, January 2024

Share
More publications
Bermuda-1024x576-1
1 Jul 2026

A Forest for the Future

A first since the blight, the airport cedar forest is growing tall and standing strong.

Appleby-Website-Regulatory-Practice
1 Jul 2026

Complied out of business

Firms are complying themselves out of business because compliance no longer matches the evolving sophistication of the Bermuda Monetary Authority (BMA).

Appleby-Website-Insurance-and-Reinsurance
1 Jul 2026

The long game: how Bermuda became the world’s life reinsurance capital

Ask a life insurer in New York, London or Tokyo where the liabilities behind their book ultimately sit and there is an increasingly good chance the answer is a 21-square-mile island in the North Atlantic.

Appleby-Website-Insurance-and-Reinsurance
1 Jul 2026

Record H1’26 Cat Bond Issuance Driven by Rising Sponsor Comfort and Diversified Risk

With H1 2026 officially breaking the record for the most catastrophe bond deals to come to market and settle in the first six months of the year, a key trend driving this momentum is how comfortable sponsors have become with the mechanics of the overall cat bond space. This familiarity has ultimately encouraged a wave of new sponsors to enter the market, according to Brad Adderley, Managing Partner at law firm Appleby.

Appleby-Website-Employment-and-Immigration
12 Jun 2026

The Cost of Getting Employee Departures Wrong: Five Common Pitfalls for Bermuda Employers

Employee departures are an inevitable part of running a business, but the way they are managed can have significant legal, financial and operational consequences. In Bermuda, employers who approach terminations without adequate preparation may expose themselves to unnecessary disputes, regulatory issues, and reputational harm. Whether an employee is being dismissed for performance reasons, made redundant or departing as part of a negotiated exit, by recognizing the following common mistakes and taking a proactive approach, organizations can manage departures more effectively and reduce risk.

Appleby-Website-Privacy-and-Data-Protection
8 Jun 2026

It’s time to bridge Pipa compliance gap

A review of 200 publicly available privacy notices of companies in Bermuda has revealed that just one in nine are fully compliant with the Personal Information Protection Act 2016.

Appleby-Website-Privacy-and-Data-Protection
26 May 2026

Transparency is a legal requirement under Pipa

Major companies across the European Union have faced substantial fines between 2019 and 2024, estimated at a total of €930 million (about $1.08 billion), not only for cyberattacks or data breaches, but also for issues such as noncompliant privacy notices. A common theme in many cases has been a lack of transparency.

Appleby-Website-Insurance-and-Reinsurance
8 May 2026

Outsourcing considerations for Bermuda insurers

As Bermuda insurers engage with third-party service providers to support their business functions, the Bermuda Monetary Authority has clarified its regulatory expectations surrounding outsourcing arrangements and operational resilience.

Economic Substance
27 Apr 2026

Economic substance regime now falls under Cita

Recent amendments to Bermuda’s economic substance regime have transferred regulatory responsibility from the Registrar of Companies to the Corporate Income Tax Agency.

Appleby-Website-Private-Client-and-Trusts-Practice
22 Apr 2026

Regulation, Regulation, Regulation

The article discusses updates to global trust guidance and regulation, as well as beneficial ownership and the regulatory burden on trustees that comes with increased transparency.