Asking around: What will the boardroom be talking about in 2024?

Despite CEOs saying it hundreds of times in earnings calls this year, the topic of AI didn’t necessarily appear on boardroom PowerPoint slides in 2023.

Almost one-half (44%) of surveyed members of the Society for Corporate Governance said AI-related topics had not been on the board-committee meeting agenda at all to date, according to an October survey from Deloitte.

That number is likely to change in 2024, according to industry pros who spoke with IT Brew this month.

“Understanding and directing what parts of the business will be most impacted with AI in terms of both efficiency or capability: That will be something I think that would be on top of the board’s mind,” said Fayyaz Makhani, global security architect at the IT service management company VikingCloud.

When IT Brew asked around, “What will be the most popular IT topic discussed in boardrooms in 2024?” many had plenty to add about AI. Here’s a roundup of responses:

Bernard Brantley, CISO, Corelight: I think what is actually going to be discussed, or where the most value is going to be found, is in deriving strategies around effective usage, and value outputs from the implementation of [large language models] within these enterprises versus just the pure play: Am I going to allow it or not?

Merritt Baer, field CISO, Lacework: Let’s say that we are a med device company: Are we going to allow the generative AI to make predictions for our downstream customers? What are we going to allow generative AI to do from a coding-base perspective? Or what are we going to allow them to do around app sec, and review of code. And of course, remember that any training data that you put in is now ingested in this engine.

Jon Marler, manager and cybersecurity evangelist, VikingCloud: People start using these AI technologies, and they look at companies like OpenAI and their ChatGPT; they have a cloud service for that. But once you dig into the terms of service, you start to find out, “Oh, if I’m feeding them a whole bunch of data, they now own that data. And I don’t own that data anymore.”

Nabil Hannan, field CISO, NetSPI: The algorithm doesn’t know how to determine what’s private or what’s public; they don’t know how to determine what’s [personally identifiable information] and what’s not; they don’t know how to determine what’s confidential, versus what’s proprietary. And if you don’t have the right data inventory and classification, you’re going to have some pretty far-reaching side effects from a cybersecurity perspective, because these technologies are going to really be exposing potential data and [result] in incidents and breaches…The discussion really has to be: Are we going to be introducing AI and machine learning into your day-to-day operations and business? And depending on how you’re doing so: is your data ready to be part of an AI solution?

Marler: We’re always thinking about: Will AI take over the world? Will it make decisions that kill humans? Will it do all these bad things? Will it make bad decisions? Very few people are thinking about: What happens when I put critical information about my business into a platform that’s making decisions, and then who owns that at the end of the day? It did come up in the Hollywood strike…“If I let you record my face, who now owns that? Do I own that? Or do you own that? And what can you do with it afterwards?” [Hollywood is] thinking about it. But they’re not thinking about it in the boardrooms when they’re talking about IT.