Theory is one thing, but how can boards effectively implement cyber governance and broader technology oversight in practice?
In this podcast, Dr Sabine Dembkowski, is joined by Susanne Alfs. Susanne is a Non-Executive Director and Senior Technology Executive specialising in cyber governance and board-level technology oversight. Bringing both the NED lens and her executive leadership experience, Susanne helps boards translate complex cyber and technology risks into business trade-offs and investment decisions. Previously, she chaired the Group Board Technology Committee of a bank, strengthening oversight of cyber resilience and technology risk. Now, as the founder of Cyber4Directors, Susanne advises boards and senior leadership teams on strengthening cyber resilience, improving board reporting, and shaping effective technology and business dialogue.
“I find in too many boards, there is an unspoken hesitation. Some directors worry they are not technology savvy enough to challenge the technology team, and that hesitation can quietly shift the dynamic in the boardroom.“
Susanne realises boards are very human. Members hesitate to ask certain questions or push conversations because they worry about their technical knowledge, which compromises meaningful business impact and risk discussions.
What helps? Susanne recommends that boards approach technology with the same rigor as finance or strategy discussions. Don’t let insecurities block conversations or let the tech group overwhelm the board with acronyms. Keep the focus on business impacts and risk assessment to steer discussions and shape priorities.
“The first point is to work as a team.”
Technology oversight and governance must be a team effort. Just as finance audits aren’t left to one person, boards shouldn’t delegate cyber or technology responsibility to a single individual.
In practice, this can mean sharing questions with technology teams ahead of meetings, explaining or banning acronyms, and encouraging IT teams to collaborate more closely with business leaders to support meaningful board discussions.
Susanne emphasises that effective teamwork depends on clear communication and a shared language, rooted in cyber governance or project delivery terms. She also recommends using corporate secretaries as gatekeepers for board packs, ensuring technical material is simplified for effective discussion.
“No board should ask for the cyber security team or the technology team to keep them safe, or the organisation safe, because no one is safe and you can't avoid incidents.”
When Susanne hears a board asking for total safety, she recognises that this simple language communicates unrealistic expectations.
She also recommends breaking down technology projects into shorter sprints. This sprint approach helps the board avoid preventable deviations and reduces the overwhelm of technology project management.
The three top takeaways:
1. Work as a team. No board should have just one person focused in this area.
2. Establish a common language, from cyber governance language or project execution frameworks, so that the board and executives can communicate clearly in a shared language.
3. Get external assurance if you are not comfortable with the practices
Come Join The Better Boards Community
We’d love to get to know you! If you’d like to become part of the Better Boards community, discover our unique approach, and explore ways to work with us or share your ideas on The Better Boards Podcast series, drop us a line at info@better-boards.com.
