Boards Aim to Balance Growth, Innovation, and Risk Oversight
In the face of economic pressures and geopolitical instability, public-company directors are focusing on driving growth through emerging technologies while maintaining robust risk oversight, according to the 2024 BDO Board Survey. The survey reveals a delicate balance between innovation and risk, with directors planning increased investments in emerging technology and cybersecurity, while also addressing concerns over data breaches and financial fraud.
Polling nearly 250 public-company directors, the survey sheds light on the most pressing opportunities and challenges facing businesses, as well as the strategies they’re developing to manage risks in 2025.
In terms of enterprise risk, the survey found a range of significant risk concerns for the year ahead, including talent acquisition (28%), recessionary declines in demand (27%), and liquidity or access to capital concerns (26%). Other risks included cyber threats/incidents (25%), supply chain disruption (23%), climate change-related risks (22%) and rising health care/employee benefits costs (17%).
Driving Growth Through Emerging Technologies
In the face of economic pressures and geopolitical instability, board directors are setting their sights on growth as the top strategic priority for the year ahead, BDO found. To achieve this goal, they’re doubling down on investments in emerging technologies, including artificial intelligence (AI), to unlock new opportunities for top-line growth and drive efficiencies across their businesses.
Innovation, however, represents a double-edged sword for organizations. While 17% of directors cite advancing the use of emerging technology as a top strategic priority, 27% view lagging implementation as a significant risk. This delicate balance between opportunity and risk is prompting boards to carefully consider their technology investments.
In response to these challenges and opportunities, directors are planning increased investments in key areas. Emerging technology leads the pack with 51% of boards allocating more resources, followed closely by cybersecurity at 41%. These investments reflect the symbiotic relationship between innovation and risk management in today’s business landscape.
Generative AI, in particular, is capturing the attention of board members as a potential game-changer. Nearly a third of directors see its greatest potential in enhancing customer experience (16%) and driving product or service development (15%). Beyond these customer-facing applications, boards are also eyeing efficiency gains in back-office processes and key operations.
As companies navigate this complex technological landscape, boards must strike a delicate balance between fostering innovation and mitigating risks.
“Directors have both the opportunity and responsibility to guide management’s execution of strategy to deliver on sustainable growth metrics while minimizing risk to the organization. For most, the path to achieving these objectives will include investment in emerging technologies to optimize operations and competitive status but not without careful consideration of impacts on the organization,” stated Amy Rojik, national managing principal of the BDO Center for Corporate Governance
Cybersecurity Concerns and Oversight
The average cost of a data breach in the U.S. has soared to $4.88 million in 2024, with nearly half of all breaches involving sensitive customer data, BDO noted. This alarming trend has prompted a significant shift in how organizations approach cyber risk management.
Recognizing the pervasive nature of cyber threats, 37% of companies are transitioning from viewing cybersecurity as solely an “IT responsibility” to a “company-wide responsibility.” This change in perspective reflects the growing understanding that effective cybersecurity requires a holistic approach involving all levels of an organization. Moreover, the gravity of the situation is underscored by the fact that 25% of directors now consider cyberthreats as the most significant risk to their business in the coming year.
The introduction of new SEC Cybersecurity Disclosure Rules has further intensified the focus on cybersecurity governance. These regulations, which took effect in December 2023, mandate that publicly traded companies disclose material cybersecurity incidents within four business days.
In response, boards are taking proactive measures to enhance their cybersecurity posture. Nearly half of the surveyed directors (45%) are pursuing external assessments, such as systems and organization control (SOC) reports for cybersecurity or maturity gap assessments, to bolster their preparedness and program maturity.
Additionally, 41% of boards are improving internal processes and communication channels to report on cyber risk management and occurrences of cyber incidents.
“While boards know it’s virtually impossible to avoid cyberattacks completely, they can encourage constant evolution and focus on risk prevention, identification, and mitigation. By bolstering cybersecurity expertise, collaborating across departments, and transparently disclosing these activities, boards can help drive organizational resilience and increase trust with stakeholders,” stated Ric Opal, IT solutions and strategic partnerships national leader at BDO Digital.
Fraud Prevention and Detection
In an era of rapid technological advancement, financial fraud has become an increasingly pressing concern for businesses worldwide. With over $1 trillion stolen by fraudsters globally in 2023, the need for robust fraud prevention and detection measures has never been more critical, according to the report.
Boards of directors are stepping up to meet this challenge by implementing a range of oversight activities. BDO found that 43% of directors regularly review and discuss compliance materials in board meetings. Also, 41% of boards now actively monitor and investigate whistleblower reporting channels, recognizing their potential to uncover fraud and wrongdoing before it escalates.
The importance of cultivating a strong ethical foundation cannot be overstated. Chuck Pine, Forensics, Legal, Compliance Practice Principal for BDO, emphasizes this point: “An effective culture of compliance — in which the whole organization works together to mitigate the risk of fraud — begins with directors setting the tone at the top.”
View the full survey here. &