What's changed about technology risk
Technology used to be a support function. It kept the lights on, processed transactions and managed internal communications. The decisions it involved – which server to buy, which software to licence – were operational, not strategic. Boards could reasonably leave them to the IT department.
That's no longer the case. Technology is now a primary driver of competitive advantage, operational resilience and regulatory risk simultaneously. A platform decision made three years ago can constrain the business's ability to enter new markets today. A security incident can generate regulatory fines, reputational damage and customer churn in the same week. A poorly scoped software dependency can make a business unsellable when an acquisition opportunity arrives.
These are board-level stakes. The organisations that treat them as IT department concerns are taking a risk the board hasn't formally accepted – because they've never been shown it clearly enough to do so.
The cost of technology decisions made without board input
The examples are consistent enough to form a pattern. An ERP implementation that runs 200% over budget because nobody at board level was actively managing scope – every change request approved by operational teams who didn't understand the cumulative financial exposure. A key-person dependency on a single developer who left with undocumented systems, taking institutional knowledge that took 18 months and significant cost to reconstruct. A data breach that was entirely foreseeable given the security posture – but the board had never reviewed it, so nobody had made the investment case for addressing it.
In each case, the failure wasn't technical. It was governance. The right people weren't in the room when the decisions were made, and by the time they were involved, the options had narrowed considerably.
There's also a subtler cost: missed opportunity. Businesses that don't have technology represented at leadership level tend to make conservative choices by default. They stick with legacy systems longer than they should. They're slower to adopt capabilities that could give them a competitive edge. They invest reactively rather than proactively.
What IT strategy at board level actually means
This isn't an argument for micromanagement. Boards shouldn't be choosing databases or debating software architecture. That's what technical teams are for, and involving non-technical leaders in those decisions usually makes them worse.
What board-level IT strategy does mean: a clear view of the technology landscape, the three-year roadmap, the current risk exposure and the investment required to maintain or improve the position. The board approves strategy and resource; the IT function executes. The division is the same as it is with finance, people or operations – and yet technology is still the function most often left without board-level representation.
Done well, this gives boards the ability to make informed decisions about technology investment, to challenge and approve significant system changes, to understand where the business is exposed and to hold the executive team accountable for delivery. It doesn't require board members to become technologists. It requires them to ask the right questions and receive honest, commercially framed answers.
The questions boards should be asking about technology
If technology strategy isn't currently on the board agenda, a useful starting point is a set of questions the board should be able to answer – and if they can't, that gap is itself the issue:
- What does our current technology enable us to do that competitors can't?
- What can't we do because of technology constraints?
- What are our key technology risks, and what is our current exposure?
- What are we spending on technology and what's the return?
- What would happen if our core systems went offline for 24 hours?
Most boards can answer the first question reasonably well. Many struggle with the second and third. Almost none have a clear, tested answer to the fifth – and that's where the most serious exposure tends to sit.
These questions don't require technical expertise to ask. They do require honest, well-prepared answers from whoever is responsible for technology in the organisation.
How to present IT strategy to a board
If you're responsible for technology and you want to change how your board engages with it, the starting point is communication style. Technical jargon is the enemy of board-level engagement. Not because board members aren't intelligent, but because jargon signals that a topic belongs to specialists – and specialists are best left to handle it. That's exactly the dynamic you're trying to break.
Translate risk into commercial terms. A ransomware attack costs a mid-sized business an average of several hundred thousand pounds in downtime, remediation, regulatory fines and reputational damage. That's a number a board can weigh against the cost of the preventative investment. "We need to upgrade our endpoint security" is a technical request. "Our current security posture creates a seven-figure exposure we could reduce significantly for a £40,000 investment" is a business decision.
Use the language of investment and return. Frame technology spending as you would any other capital allocation: what does it cost, what does it enable, what's the risk of not doing it. Present a three-year roadmap alongside a current-state assessment. Show where you are, where you need to get to and what it costs to close the gap.
Keep it short. A board paper on IT strategy shouldn't run to 30 pages. A one-page summary with a supporting appendix for those who want detail is more likely to be read, discussed and acted on.
Building board-level technology literacy
Most board members have extensive consumer technology experience. They use smartphones, cloud services and productivity software fluently. What they often lack is business technology understanding – how enterprise systems work, how security risk accumulates, how platform decisions create dependencies that play out over years rather than weeks.
This gap is addressable. Briefing sessions, away day content and input from external advisers can build a working understanding of the technology landscape without requiring board members to become technical experts. The investment is modest relative to the improvement in decision quality it produces.
Some boards appoint a non-executive director with a technology background precisely for this reason. Others use external advisers to provide an independent technical perspective at key decision points. Both approaches work. The alternative – hoping that board members will absorb enough technology understanding incidentally – rarely does.
When a fractional CTO changes the dynamic
For SMEs without a senior internal technology voice, the structural problem is straightforward: there's nobody in the leadership team qualified to translate technology into board-level terms, and nobody at board level qualified to ask the right questions. The two gaps reinforce each other.
A fractional CTO breaks that cycle. They can attend board meetings, prepare technology strategy papers and give the board the independent technical perspective it needs to make informed decisions. They're not an internal advocate for the IT department's budget requests – they're a commercially oriented technology leader who can speak both languages and be honest about where the business's technology position is strong and where it isn't.
For many businesses, this is the most efficient route to genuine board-level technology governance. A fraction of the cost of a full-time hire, with the specific capability the board engagement requires.
Starting the conversation
If technology strategy isn't currently on your board agenda, the change doesn't have to be dramatic. A single well-prepared paper – current technology landscape, key risks, three-year direction, investment required – can shift the conversation significantly. It shows the board what they've been missing, gives them a framework for ongoing engagement and creates accountability for following up.
The businesses that do this well don't treat it as a one-off exercise. They establish a regular technology agenda item, they review the risk register annually and they hold the executive team accountable for delivery against the roadmap. Over time, this becomes part of how the board governs the business – no different from financial reporting or people strategy.
Technology is too central to commercial outcomes to be managed below board level. Getting the conversation into the right room is the first step.
Route B helps leadership teams understand their technology landscape and make better-informed strategic decisions. Get in touch.