A book on the “digital director” is long overdue. It used to be that directors’ technology skills were either not emphasized or not thought of as important, but now you can’t ignore the issue. Now, the more literate each director (and by each director, I mean every single director) is on digitization, cybersecurity, data privacy, and technological innovation, the more effective the board ultimately is. Boards need to evolve from “bricks-and-mortar” and paper to digitization. This book – which charts an evolution that is just beginning – will be a welcome addition to the arena.

As several of the directors interviewed in this book point out, governance in the digital age is hard work. This is partly due to the lack of knowledge and experience that many directors – who tend to be men in their late 50s, 60s, or early 70s – have about the use of technology, including the definitions, the acronyms, and the application. These are things directors can learn on the job, but boards really need to diversify, namely by recruiting younger information technology-literate directors with diverse digital expertise. Those incoming younger directors won’t necessarily have P&L experience—they will likely not have run major businesses like the other directors have—but they have a skillset that will be so important to the success of the board in the years ahead. Information technology is one of the top competency gaps that I see when I create competency matrices for boards, and it’s also the number-one skill that boards are seeking in new directors. The competency needs to include things like AI and blockchain – not just a passing familiarity with these areas, but someone who actually “lives it.” A client said to me recently, “If we don’t bring the proper IT expertise onto our board, we’ll cease to exist within 10 years.”

As the authors of this book point out in Chapter 2, these trends certainly impact recruitment, and are impacting the way directors communicate with one another, their usage of board portals, and their comfort with technology. There are still some obstacles being produced by older directors who insist on using pen and paper – they get left out of discussions on the board portal because they’re not keeping up. There’s a need for director education on technology literacy, as well as reinforcing usage of board portals and having a younger technology-literate director who can act as a catalyst to catapult the board and advise the senior management. It’s incredibly important for directors to understand digitization, disruption, and the impact on business models that occurs as a result – and many boards are simply not up to speed. Directors need to be diversified – in age, skillset, understanding of technology, and gender – you need younger directors who understand the technology and the implications on business models. Or, as “next-gen” director Priya Cherian Huskins – who was interviewed for this book – put it, “It’s worth noting that age is not always a good proxy for business acumen. There are important competencies, for example an understanding of social media and technology disruption, where next-gen leaders can shine.”

Boards need to talk about term limits. If you’re bringing a director on who is 42 years old, you don’t want them to be there for 30 years. Boards should consider nine, twelve or fifteen-year term limits to encourage healthy diversity of age, gender, and skillsets on boards. The danger is that you can become “stale” very quickly – all it takes is a technological drift of about a year or two and you can find yourself being left behind.

Take, for example, the use of social media. Many companies now have social media policies for directors dictating how they should behave and modes of behavior around social media. But many directors tell me they just avoid social media because they don’t know how to use it. One director asked me last week, “What’s Twitter?” There needs to be education around tone, language, and usage – recruitment firms are now searching social media profiles of candidates to determine the level of risk and knowledge. If directors understand what each social media platform does, they will understand the rapid brand contagion that social media can produce for the company – which can be positive or negative. A few years ago, it used to be two to three days before an issue went public – now it’s 10 minutes or less. If your brand can be brought into disrepute in a matter of minutes, directors have to be able to understand each platform, the risks social media could bring, and how to leverage it successfully. In response to social media, some boards are becoming more assertive – asking directors to disclose any incidents that could become common knowledge and cause harm. The use of Google Alerts is no longer adequate – you likely will need professional help to monitor issues being shared on social media and bring forward any issues for board discussion. For example, recently there was an issue where an executive grabbed a microphone and made disparaging comments to a female reporter – it was instantly on social media and caused adverse brand damage to the company within one hour. Directors have to do a lot of upfront prep work because once the crisis happens, it’s too late to respond.

In Chapter 3, the authors explore some of the ways boards are dealing with new sources of risk presented by technology innovation and disruption. Many boards send all technology issues into a committee for discussion. Traditionally, the audit committee deals with all risk issues. But technology risk is different, and the audit committee may not necessarily be equipped to handle technology risk. I’m seeing more governance committees get recast as “governance and risk” committees to deal with a broader range of risk areas, including technology risk. Some boards are creating specific technology committees – which is not yet a widespread trend, but is becoming more common. If you consider that 90 percent of corporate assets are now digital/intangibles, technology has to be considered as part of material risk for the company. Boards need people on these committees who understand technology and can advise the company’s CIO or CISO. The board should be able to lead, rather than follow, on technology issues. Younger directors who have that expertise can help companies see the future.

There is a great deal of new risk – including personal liability – because of technology. Lawyers are beginning to sue directors for their texting and cell phone interactions that occurred during board meeting times – attempting to demonstrate that directors have breached their duty of care by using technology inappropriately during meetings. There is a need for much greater rigor to demonstrate that you were paying attention, including the expectation that directors are using technology in a way that facilitates and enhances rather than distracts during board meetings. But technology can be a powerful tool, allowing boards, for example, to bring directors into the room who are in other jurisdictions – New York, London, Berlin, Sydney, Singapore, San Francisco, and so on. Technology is powerful, but it can become a powerful distraction – you have to make sure you have the best and brightest in the room who use tech wisely.

Chapter 6 provides some food for thought around directors and personal responsibility that ties in well to how boards can respond in the digital age. There is now a trend to have more individual areas of expertise among directors. It used to be that “we’re all in this together” on boards, but as we begin to have individual competencies that are explicit on the board, each player brings different expertise to bear on discussions. Each one can review documents from their unique perspective and make recommendations at the board and committee level. It’s no longer acceptable for any director to just sit back and be passive: you have to be more proactive in applying your unique expertise. I could envision a day in the future when we might have liability commensurate with director expertise – if there’s a major hack and breach of privacy, lawyers and activists might begin to hold the board accountable for not having the right experts at the table. This puts pressure on boards to recruit based on competencies, similar to how the SEC changed its rules on financial competency on boards in the wake of the financial crisis in 2008.

Given the increased scrutiny and liability facing directors, many companies are investing in cyber-risk insurance. But, just as with any other type of insurance, having it doesn’t mean you can be complacent – insurers look at your level of involvement and preparation and use that to determine paying damages. If you rely on insurance, it’s already too late. It doesn’t address the need for due diligence inside the boardroom. Insurance is a fail-safe – you still need to implement all the best practices that are outlined in this book.

Boards must adopt an attitude of resilience when it comes to technology innovation and disruption. It’s a moving target, and if you don’t keep up you’re falling behind. Regular education sessions (every meeting) – bringing in experts to keep directors up to speed on technology, augmenting competencies, increasing budgets for education that are already generous, attending conferences – all of these things need to be part of every director’s routine work. Boards are now retaining third-party technology experts – futurists, cyber-risk experts, inventors, others – to make sure the board is kept updated and has access to outside perspective to help validate what they hear from management. And, as the authors point out, boards are beginning to develop “personality profiles” that can either help or hinder their ability to adapt and build resilience.

I believe, as some directors have said to me, “We’re in the middle of a revolution.” We’re at a tipping point with technology that is fundamentally changing how business works. Futurists are telling us how the world might look 10 to 20 years from now, and most industries will see radical transformation. Boards now have to emphasize how their businesses can remain nimble, plan ahead for how technology might disrupt their business models, anticipate where change will likely come from, grapple with “the unknown unknowns,” and help management to be prepared.

The boards of the companies that are outperforming against their peers are aggressive about pushing information to management, rather than waiting for information from management. They have specific KPIs (key performance indicators) to tell the story of value creation, and they control the agenda. Technology is 40-60 percent of each agenda in these companies. But to do this you need directors who are confident in understanding technology. Many directors feel that they don’t know what to do, and yet they are retained on boards because of their independence and not their level of competence. A good director has the credibility and gravitas to push down strategy and information to management – not micromanagement, but overseeing future change, digitization, and business models. Rubber-stamp boards – those that simply wait for instruction – are in denial. The board should never be in denial – there are no bad companies, only bad boards. This book will help directors know what’s at stake and how they can adopt better practices to ensure the long-term health and viability of their enterprises.

Dr. Richard LeBlanc

Professor of Governance, Law & Ethics, York University, Faculty at the Directors College, and author of The Handbook of Board Governance: A Comprehensive Guide for Public, Private and Not-for-Profit Board Members, © 2016, John Wiley & Sons

This book was truly a team effort, involving hundreds of hours invested by multiple players to bring it across the goal line. We’d like to extend our deepest gratitude to all those who played a role in helping to develop this book. In particular, we extend our heartfelt gratitude to all those who shared their insights and expertise through the interviews we conducted, including Betsy Atkins, Jan Babiak, Leslie Campbell, Nelson Chan, Priya Cherian Huskins, Pamela Coles, Nora Denzel, Sue Forrester, John Hinshaw, Erin Lantz, Anastassia Lauterbach, Richard Leblanc, Ralph Loura, Colin Low, Merline Saintil, Margaret Whelan, and Laurie Yoler. Your wit and wisdom made this book special – thank you for generously sharing your stories.

We would also like to say a special thank you to Diligent team members Warren Allen, Zach Boisi, Amanda Carty, Meghan Day, Tania Dworjan, Amanda Finney, Maggie Fisher, Kerie Kerstetter, Annie Kors, Natalie Lazo, Elyse Maloni, Nick Price, and Leslie Tytka for their invaluable assistance – from providing input on the overall direction of the book, to assisting with director interviews, to reviewing and editing drafts, to assisting with research, copyediting, graphics, scheduling, and so much more. Additionally, we could not have completed this project if it were not for the team at Garfinkel and Associates, especially Steve Garfinkel, Jill Marquardt, and Samantha Rosen – your tireless efforts helped make this book a reality.

Finally, we want to thank all of our colleagues, family members, and friends for their unending and gracious support. In the pursuit of finishing this book, we had to turn down invitations and delay other obligations, and we thank you for your understanding and patience – we hope you enjoy reading the results.

Brian Stafford is Chief Executive Officer of Diligent Corporation, the leading provider of secure communication and collaboration services to board members and the C-Suite of leading organizations. Brian assumed the role of CEO in March 2015 and is responsible for all day-to-day operations with a primary focus on driving global growth by delighting its clients with great products.

Brian previously served as a partner at McKinsey & Company, where he founded and led their Growth Stage Tech Practice. While there, he concentrated on helping growth stage technology companies scale faster and did extensive work with software-as-a-service (SaaS) companies, focusing on sales operations and strategy, pricing, international growth, and team building. Prior to his tenure at McKinsey, Brian was the founder, president, and CEO of an automotive spinoff of Trilogy Software based in Austin, Texas.

Brian holds a Master’s Degree in Computer Science from the University of Chicago and a Bachelor’s in Science from the Wharton School at the University of Pennsylvania. He serves on the board of the Brooklyn Academy of Music (BAM).

Dottie Schindlinger is Vice President of Thought Leadership and Governance Technology Evangelist for Diligent Corporation. In her role, Dottie provides thought leadership on governance, cybersecurity, and technology topics through presentations to boards and executives dozens of times each year at events around the globe. Her work has been featured in Forbes, The Wall Street Journal, and in multiple governance and technology industry publications.

Dottie brings more than 20 years’ experience in governance-related roles, including serving as a director, officer, committee chair, senior executive, board-support professional, governance consultant, and trainer for public, private, and nonprofit boards. She was a founding team member of the tech start-up BoardEffect – a board management software provider for nonprofit, education, and health-care boards, acquired by Diligent in late 2016. Dottie currently serves on the board of the Alice Paul Institute. She holds a Bachelor’s of Arts in English from the University of Pennsylvania.