This year has seen numerous instances where inadequate compliance controls dominated news cycles, particularly regarding data breaches. However, what often remains unaddressed is how boards of management respond to these compliance lapses and what accountability should look like going forward. More importantly, what new responsibilities do these enlightened boards have in raising awareness, implementing new controls, and ensuring their organisations establish robust reporting mechanisms?
As someone who has received numerous marketing advertisements from regional tertiary institutions promoting short courses on Anti-Money Laundering (AML) training—with some including elements of risk management—these developments are encouraging but insufficient. These courses remain optional and are often excluded from core degree programmes. This raises an important question: Is the absence of general compliance—including AML, cybersecurity, data privacy, and corporate governance—as a core component in university-level business programmes contributing to the governance issues we see today?
Boards and the need for evolving knowledge
Boards are not omniscient entities within organisational structures. Their ability to manage effectively is tied to their scope of knowledge. I’ve seen firsthand how governments structure statutory corporations by appointing board members whose skills are meant to complement management. However, in today’s global business environment, compliance has become a critical requirement, and boards must embody new skills and competencies that encompass the four pillars of compliance: cybersecurity, data privacy, AML, and corporate governance.
Why cyber and data privacy compliance matter
Cybersecurity and data privacy compliance have become crucial aspects of board governance for several reasons:
Strategic Risk Management: Boards have a fiduciary duty to oversee major risks, and cybersecurity threats represent some of the most significant challenges to business continuity, reputation, and financial stability. A single data breach can result in massive financial losses through fines, legal settlements, and reputational damage.
Regulatory Obligations: Directors face increasing regulatory obligations around data protection and privacy, from GDPR in Europe to PIPEDA in Canada and the Data Protection Act in Barbados. Boards must ensure their organisations comply with these evolving requirements to protect shareholder value. The major breach at the Barbados Revenue Authority serves as a stark example of how such failures erode public trust.
Stakeholder Trust: Boards are responsible for safeguarding sensitive data related to customers, employees, and business partners. As organisations digitise operations and leverage data for competitive advantage, cybersecurity and privacy considerations must be integrated into strategic planning.
Personal Liability: Board members face personal liability and reputational risks if they fail to exercise proper oversight of cyber risks and privacy compliance. Courts and regulators now expect active engagement from boards on these issues.
Education’s role in governance failures
Despite the growing importance of digital governance, traditional MBA programmes still focus heavily on traditional topics such as finance, marketing, and strategy. Cybersecurity and data governance are often relegated to electives or brief modules in IT management courses. This approach leaves business leaders unprepared to tackle the governance challenges posed by the digital age.
Educational institutions must do more to integrate compliance education into business curricula. The solution lies in embedding these topics into core courses such as strategic management or operational resilience. These programmes should teach students about key areas such as:
Operational Resilience: Ensuring business continuity under cyber threats through robust backup systems, incident response plans, and continuity measures.
Resource Allocation: Balancing investments in cybersecurity with other business needs while maintaining adequate protection.
Shared regional challenges
The Caribbean faces unique challenges in addressing these issues, as our shared educational structures often mirror each other. This common foundation, while typically a strength, becomes a liability when boards lack proper cybersecurity understanding. Limited knowledge at the board level increases risks by impeding digital transformation in several ways:
Misunderstanding Risks: Boards without cybersecurity knowledge often overestimate the risks of new digital initiatives while underestimating the dangers of outdated systems.
Resistance to Digital Transformation: Viewing cybersecurity investments solely as expenses rather than strategic enablers of growth can hinder competitive survival. Ironically, resistance to digital transformation increases cyber risk by maintaining vulnerable systems.
The Path Forward
To prepare business leaders for the digital age, educational institutions must fundamentally rethink their approach to business education. While short courses and optional training programmes have value, they cannot replace the comprehensive integration of compliance education into core curricula.
Recommendations for educational institutions:
Integrate compliance into core courses: Ensure subjects like cybersecurity, data privacy, and operational resilience are embedded in strategic management courses.
Develop standalone programmes: Create degree-level programmes that focus exclusively on digital governance and compliance for future leaders.
Engage industry experts: Partner with professionals to provide practical insights and real-world applications of compliance in business contexts.
As the Caribbean continues its digital transformation journey, the success of both public and private organisations will increasingly depend on boards that understand and actively engage with compliance and cybersecurity governance. The cost of maintaining the status quo—where these critical competencies remain outside core business education—is unsustainable.
Educational institutions must take the lead in bridging this knowledge gap. By equipping tomorrow’s board members and business leaders with the fundamental skills needed for digital governance, we can ensure that our region thrives in an increasingly complex and interconnected world.
Steven can be reached at Mobile: 246-233-0090; Email: steven@dataprivacy.bb
The post The need to modernise business education for digital governance appeared first on Barbados Today.
