A Take on EY’s “Americas Board Priorities 2023: How to Build Resiliency in Uncertain Times” - Peter Waziri

Jun 22, 2023

Part 5: Overseeing Cyber Security and Data Privacy

From a Healthcare Industry Perspective

The EY Center of Board Matters published an interesting report on building resiliency in uncertain times and highlighted 5 board priorities for 2023.

Reading this report from a healthcare industry perspective was interesting and gave me a lot to think about. I am sharing my thoughts in a series of five articles.

In this fifth article of the series, I will explore the topic of overseeing cybersecurity and data privacy.

According to EY, the level of cyber risk continues to multiply. Contemporaneous trends such as expansion of digital transformation, flexible working, and disruptive technology only compound this risk. Geopolitical trends such as the war in Ukraine and China-Western decoupling are also key influencers.

Healthcare company boards should consider:

Healthcare boards should elevate the seriousness of cybersecurity. The expansion of digital transformation, flexible working, and the adoption of disruptive technology only serve to elevate this risk. These trends also increase the potential for a personal health data breach. Boards could urge management to use this as a strategic opportunity to position the company as a trusted business partner by supporting discussions that instill cybersecurity not just with CTOs, CIOs and CISOs, but as part of the DNA of the entire organization. The goal is to embed cybersecurity via a “trust by design” philosophy with regard to new technology, transformational care practices, and operational arrangements.

The fact that cyber risk has become more weaponized from a global and geopolitical perspective adds more urgency for the board to elevate this risk. For example, it can ask management to treat it not just as part of enterprise risk but as a potential disaster situation, and to plan accordingly.

When it comes to cybersecurity and data privacy, boards also need to take a longitudinal and historical view due to the steady levels of M&A activity in healthcare. The result is combinations of several technology systems (both legacy and new), which are time-consuming and costly to integrate at the best of times. This often results in what is known as technical debt, or the lack of upkeep of older legacy systems. Boards should be aware of this to ensure proper adjudication of the monetary value of cyber risk and mitigating measures such as cyber insurance.




!mpact Magazine is a platform where people with a vision can share their ideas and insights.