Australian boards of directors must include more young people and focus on driving innovation change to avoid being “smashed” by the upcoming digital revolution, according to Data61 chief executive Adrian Turner.
Australian companies have a problem with the composition of its boards of directors, Mr Turner said, with a lack of women and young people leaving companies unprepared for accelerated digital change.
Speaking at InnovationAus.com’s Cyber Leaders conference in Melbourne last week, Mr Turner said Australia needed to look to Silicon Valley’s boards and include more digital natives in important decisions.
Mr Turner worked in the startup capital of the world for 18 years before returning to Australia in 2015 to head up CSIRO’s data-focused business unit. He said there was a stark difference in the way boards operated when he returned to Australia, especially in terms of age diversity.
In Australia, the average age of a board director is 60. In contrast, the average age of a Facebook director is 49.
“We’ve got a problem in our boards. There’s this reluctance to give young people a shot. Digital natives just think differently,” Mr Turner said.
“There needs to be more diversity and more of a mix. As a country we need to break open this closed mind-set and find new people.”
“Companies that do that and step up to the opportunities are going to thrive. Companies that don’t are going to get smashed.”
Australian boards served a fundamentally different purpose than those overseas and in places like Silicon Valley. Not enough was being done to drive innovation from the board level.
“The boards play a fundamentally different role here – it’s about governance, risk management and compliance,” Mr Turner said.
“But in other parts of the world, boards are far more active in thinking about growth opportunities and how their industries are being reshaped.”
Board membership was also concentrated to a far too small group of people in Australia. Of the ASX100, a total of 105 directors represented 34 per cent of the total directorships, making it a “tight knit group”.
“Silicon Valley has a lot of faults, but one thing it does very well is to diffuse knowledge, and it does that through its board structures,” he said.
“There’s this cross-fertilisation of knowledge and diffusion of knowledge. Right now we don’t have that [in Australia].”
Boards should also be the place to formulate and drive the discussion around cyber security.
“That has to be a board-level discussion. It’s not a technical issue as much as a cultural and organisational issue. It’s all about communications, and making sure there’s clearly understood methodologies and reporting mechanisms,” he said.
Cyber security advisor and former auDA director Rachael Falk also said Australian boards also had a gender diversity issue, along with a lack of age diversity.
“There’s a lack of female representation on boards in this country. This is definitely a pipeline issue, and it’s also a now issue.
“This isn’t something we should fix in 10-15 years, the answer is pretty much with us now,” Ms Falk said.
“Diversity isn’t easily cracked by attending a gender bias course. It’s an issue that is all around us and we need to wake up to it,” Ms Falk said.
“Our Australian boards are not full of cutting-edge millennials or innovative young digital thinkers. We need to crack this open.”
Ms Falk said to beware of “pink-washing”, where companies boast about improved gender diversity metrics, without making real cultural and organisational change.
“A lot of large companies are putting out terrific metrics around how they’re getting women into boards and managerial roles. But that’s just metrics, and metrics don’t equal diversity. It needs unpacking,” she says.
“We need women around the table – we are part of the population, we do bring diversity and we are all around you. There’s something all of you can do about this.”
Telstra’s Asia-Pacific chief information security officer Berin Lautenbach agreed with Mr Turner’s view of Australian boards, but added that cyber professionals were also failing to communicate the real issues to these boards, often focusing on the technical aspects while neglecting the overall narrative
“We as an industry are not good at engaging with the board. We still can’t have a cyber conversation with the board. We need to work much better about having a narrative conversation with the board,” Mr Lautenbach told the conference.
“We don’t actually have a lot of people that have that skillset,” he said.
Mr Turner also offered a cautionary note on cyber security insurance and the risk of complacency at a board level in Australia.
“If we look at cyber security insurance today it’s not actually pricing the risk of a cyber event, it’s more like a certification that you’ve followed a particular path and set of processes,” he said.
“As a board you need to understand that if you look at the percentage of payouts for cyber policies, the full payout is very, very low. Boards shouldn’t be lulled into a sense of security that because they’ve got insurance this risk has been mitigated, because it hasn’t.”
Mr Turner offered a series of questions that any Australian board should be able to answer on cyber security.
“Which senior leader is responsible for leading and monitoring the cyber security strategy? Are they reporting the progress to the board?
“Are there business continuity plans in place and have they been tested? Are you continually having a conversation about what the critical data assets inside the organisation are and how well they are protected?” he said.
“If this is done well then this is an enormous business enabler and will instill trust and confidence for customers to do business with the company.”