Technology: it's not just about cyber.

• Author: Chwick, Jane
• Position: DIRECTOR DUTIES - Cover story

Directors are getting a lot of advice on what cybersecurity questions to ask of management, but the increasingly important matter is this: what is the process the board is following to discharge its fiduciary duties regarding the impact of technology? Consider these suggested action steps.

Cyber-attacks on businesses and governments are constantly in the headlines. Corporate boards recognize the severity of this threat and are beginning to ask questions surrounding their company's cyber capabilities. This is necessary, and a good start, but not sufficient.

Assessing and dealing with cyber threats are only a portion of the technology discussion that should take place in the boardroom. The importance of technology to a firm goes far beyond the risk of a cyber-attack. Non-cyber technology glitches have caused companies to declare bankruptcy overnight. Failure to keep up with technology innovation has also led some companies into bankruptcy. More common are examples of system glitches leading to downtime, and lost revenues. There are also numerous examples of increases in revenue as a result of investment in technology. Conversely, a lack of technology investment can result in a loss of revenue opportunity.

It is therefore imperative that corporate boards, as part of their governance responsibilities, look at their companies through a technology lens and ensure that their management teams have an appropriate technology strategy, both to address revenue opportunities and to ensure appropriate risk management.

Frequency and breadth of impact

Let's start with some real scenarios. The cyber examples are numerous and seen on an almost daily basis. Anthem, Target, Home Depot, JP Morgan, Sony have all fallen victim to significant cyber-attacks. But the list is much broader, and the frequency and breadth of impact is increasing. Many think cyber-attacks are merely directed at stealing credit cards or private information. However, the attacks are not limited to just stealing an individual's information; they often result in the theft of sensitive intellectual property. In other cases the attacks have come in the form of brand defamation, i.e., a hacktivist organization may deface a company website or social media page. The cyber-attack may also be done through a denial of service where a group may direct so much fake traffic to a company's site that real business transactions cease.

Many technology outages, or 'glitches,' are not caused by cyber-attacks. An instructive example of a technology glitch causing a firm to quickly lose significant value happened in August 2012 to Knight Capital. Knight Capital was a financial firm engaged in market making and electronic execution of financial products. On August 1 a technology error occurred while installing a new version of the trading system. The mistake caused major price moves on almost 150 stocks traded on the New York Stock Exchange. The glitch caused Knight Capital to buy and sell millions of shares of over 100 stocks in less than 45 minutes. Selling and covering those positions cost Knight Capital over $450 million, which was over four times its prior year's profits. Knight Capital's share price went down over 75% in two days. As a result of that issue, 70% of Knight Capital was purchased by the firms that bailed it out.

But Knight Capital is not the only firm to have faced significant impact from a technology outage. A few years ago the investment firm AXA Rosenberg paid $217 million to cover investor losses from what it called a "significant error" in the computer code for one of its investment models. Many stock exchanges have had to deal with technology issues. Nasdaq faced significant volume of orders in its pre-IPO auction process during the launch of the Facebook IPO. The Singapore Stock Exchange faced three technology-caused outages in 2014. (All details are drawn from published reports.)

Retail firms have also faced their share of non-cyber technology issues. On this past Black Friday, the Best Buy website was unavailable all morning due to record levels of website traffic. In the same month, Comcast Internet and cable customers were impacted by a lengthy outage caused by a problem with a software upgrade.

There are many examples of companies that have profited by staying ahead of the curve in terms of technology strategy and investment. Starbucks reported impressive financial results for the first quarter of 2015: revenues up 13% and earnings up 14%, despite the negative tail winds from foreign currency translation. The stock was up 6.6% on the earnings report and has increased 14% in the six weeks since the results were released. Starbucks CEO Howard Schultz has commented that "the undeniable success of our card, mobile and digital strategies underscore the increasing strength of the Starbucks brand around the world," later adding that the company is "investing in technologies that will help our partners deliver a consistently elevated Starbucks experience to our customers, including introducing technologies to ease and simplify required store tasks, improving access to core business tools and resources and introducing partner apps...." Given the investments in technology, Starbucks indicated that it expects earnings to accelerate to the high end of its 16% to 18% growth target in the second half of the year.

Advice for directors

There is no guaranteed approach for preventing technology-related problems or full-blown crises. However, there are ways to lessen the chance of occurrence, or lessen the impact if an issue does occur. And while there is no magic bullet for finding revenue opportunities or protecting market share through technology, understanding emerging technology trends across industries can help generate ideas for driving new revenue and protecting a firm's current business.

It cannot be expected of directors that there will never be an accounting misstep...