The MINED Focus Point: Board Oversight in the Age of Generative AI & Cybersecurity Risk brought together Independent Non-Executive Directors and industry leaders to examine how boards must evolve in response to rapid technological change.
Organised by the Malaysia Independent Non-Executive Director Association (MiNED), the session included insights from Desmond Teo, CEO and founder of Enzo Plus, alongside other industry leaders. It reinforced a critical truth: cybersecurity and technology risk are no longer IT issues—they are board-level responsibilities.
Generative AI: Power and Risk
Speakers highlighted both the opportunities and risks of Generative AI.
From lecturers noting identical student responses to AI shaping daily work habits, it’s clear that AI drives efficiency but also introduces systemic risk. Real-world cases including ransomware, AI-generated CEO voice scams, and supplier email fraud, brought these risks into sharp focus, demonstrating the potential enterprise-wide impact of technology misuse.
Governance Beyond Metrics
Discussions grounded in RMiT and Bank Negara Malaysia guidance underscored that risk is more than percentages.
For example, a seemingly small difference between 99.95% and 99.97% uptime can translate into meaningful business exposure. Service Level Agreements (SLAs) are not just technical metrics—they are statements of resilience and accountability at the board level.
Leadership Matters
Technology is powerful but it is not perfect. Information can be altered, assumptions can fail, and blind reliance creates exposure. The session emphasised the need for leadership development, including:
- Empowering women in tech and preparing future board members
- Supporting SMEs to strengthen resilience despite limited capital
- Encouraging boards to move from passive oversight to informed challenge
Key Takeaways
- AI and cyber risk now sit squarely with the board, requiring active engagement and accountability.
- Directors must understand regulatory and insurer expectations around board oversight.
- Cyber resilience extends beyond prevention. It encompasses financial, legal, and reputational preparedness.
- The most effective boards ask better questions, demand clearer answers, and strengthen governance in a rapidly evolving digital environment.
