The Rise of Technology During the Pandemic – A Double Edged Sword

The impacts of COVID-19 are continuing to be felt across all industries and the charity and not-for-profit (NFP) sector is no exception. Sudden lockdowns and disruptions to service delivery forced charities and NFPs to embrace technology as one of the only ways forward.

Whilst technology can improve efficiency, foster collaboration, expand opportunities for growth and help organisations better deliver services, it is a double-edged sword. Cybersecurity incidents have soared during the pandemic with charities and NFPs being a prime target. Further, directors’ duties have expanded to include matters relating to technology.

COVID-19, technology and cybersecurity

The emergence of the pandemic presented a myriad of challenges, with 95% of NFPs reporting their service delivery had been affected.¹ Operational limitations and fundraising shortages were a few of the challenges faced by charities and NFPs. There has unsurprisingly been a sharp increase in NFPs adopting Information and Communications Technology (ICT) since the beginning of the pandemic. In a report released last year, 69% of NFPs reported they have moved, or are in the process of moving, to the cloud, being an increase from 58% in 2020.²

The pandemic has exacerbated cyber risks with charities and NFPs presenting a lucrative target for cyber criminals. Funding shortages, stay-at-home measures and the increased use of personal devices caused by the pandemic has meant that charities and NFPs must remain hyper-aware of the cybersecurity risks. The most common form of cyber-attacks on NFPs are phishing and malicious emails. In 2017, NFP organisation Save the Children was scammed almost US$1 million by a hacker posing as an employee, who tricked the organisation into transferring the money to a fraudulent business in Japan.³ More recently, in January 2021, Oxfam Australia was the victim of a cyber-attack after hackers accessed its database containing names, phone numbers and, in some cases, bank details of its supporters.⁴ Cyber-attacks not only have devastating impacts financially, but can also damage the reputation of an organisation. Therefore, it is crucial that boards are aware of the importance of cybersecurity within their organisations.

Why embrace ICT?

Every single charity and NFP organisation is, by its very nature, an innovator.⁵ It only exists because it identified a need and formulated a solution to the problem. Therefore, it should come as no surprise that technological innovation is a key ingredient to the recipe of a successful charity or NFP organisation. Throughout the pandemic, organisations were forced to embrace technology to cope with disruptions and adapt to the ‘new normal’. It is imperative that charities and NFPs continue to capitalise on the latest technological innovations in a post-pandemic world.

Digitisation of services can allow charities and NFPs to operate more efficiently and cost effectively, helping to find better ways to deliver services. Embracing ICT can enable charities and NFPs to scale their services and extend their reach, bringing greater awareness to their mission. Donors that help fund the activities of charities and NFPs often want to know where and how their money is being invested. Data collection and analysis technology allows organisations to be accountable and transparent. Technology can also streamline reporting and compliance procedures. Maintaining innovative momentum through ICT is crucial for organisations to fuel growth and remain competitive.

Directors’ Duties

Whilst embracing innovation and ICT undoubtably brings opportunity, it is imperative that directors consider the legal implications that follow this digital transformation. Where technology is an integral part of an organisation, directors’ duties have expanded to include matters relating to ICT. Most relevantly, a director’s duty to exercise powers with due care and diligence now extends to the use of ICT where poor oversight of such projects can lead to a breach of this duty. It is crucial for boards to understand this duty in the context of a digitalised post-pandemic world in order to avoid potential civil and criminal liability for breaches.

When determining whether there is a breach of the duty of care and diligence, courts will consider what a ‘reasonable person’ would do if they were in the position of a director in the organisation. For example, courts may consider the fact that charities and NFPs may have fewer resources to allocate towards cybersecurity, however, this does not mean that directors of such organisations are absolved of liability. The duty of reasonable care and diligence may be raised if a director declares having a particular skill, such as ICT expertise.⁶ However, in Australian Securities and Investment Commission v Rich (2002) 44 ACSR 341, the duty of reasonable care and diligence could not be lowered by a general lack of experience or skills. In the context of cybersecurity, if a director fails to establish adequate data protection measures to protect the organisation, there may be exposure to breaching this duty.

Bringing ICT to the boardroom

Digital leadership emanates from the top. It is important that boards regularly review and elevate innovation on the boardroom agenda. Building a digitally smart board does not require every director to be an ICT expert. However, it is important that there be a degree of digital literacy on the board to capitalise on ICT opportunities and assess ICT related risks. Bringing ICT to the boardroom may be achieved through upskilling existing directors so that they are digitally conversant, recruiting a board member with expertise in ICT, forming an ICT board committee or obtaining external ICT advice.

Budgets are often a primary concern for charities and NFPs and there can be reluctance to allocate funds to cybersecurity. As discussed, charities and NFPs are often targets for cybercrime and implementing appropriate ICT systems and governance structures to mitigate cyber risks can be imperative for the survival of the organisation.

Now more than ever, boards need to ensure they have a proper ICT governance framework that governs how ICT can be used effectively to achieve organisational goals. A framework enables boards to understand ICT use within the organisation as well as providing some confidence to stakeholders. Proper governance allows charities and NFPs to mitigate cybersecurity risks and avoid inadvertent failure to comply with legal responsibilities. Amongst other things, boards must consider whether an ICT governance framework is visible within the organisation and whether there is effective communication with directors and stakeholders regarding the effectiveness of ICT in supporting and sustaining organisational objectives.

Key takeaways

• The pandemic has taught us that boards must have a willingness to embrace technology and invest in innovation to stimulate growth.

• As technology is an integral part of an organisation, directors’ duties have been expanded to include matters related to ICT.

• Boards must ensure there is some degree of digital literacy on the board.

• A proper governance framework for ICT helps directors to understand ICT use in the organisation, provide confidence to stakeholders and mitigate ICT related risk.

• The success of technology in charities and NFPs depends upon the ability of directors to both embrace innovation and ensure proper governance.

This article was first published in the 2022 Better Boards Conference Magazine.

Further Resources

How to run remote board meetings securely and effectively

Information Flow is the New Cash Flow

Technology for Innovation and Development