I’ve always dabbled in Board Advisory roles, even when working for major IT integrators, because consultancy at a senior level, often crosses that boundary.  The bigger companies will often value having independent advice, although I have found it’s not always welcomed by their in house IT/Cyber team, who can become quite defensive.  The more experienced of them do see the value, even if it’s only validating what they have already put forward as a solution to a particular problem.  And they often use a Board advisor to craft the boring bits, around strategy and policies.  And I’m OK with that.

When we set up H2 to service the SME sector, we naively thought that they’d welcome an advisor who could guide them through what can be a difficult minefield.  It was a bit of an eye opener that SMEs don’t see the value in this at all.  In fact, what they see is a drain on resources.  It’s a little strange because they are very happy to spend money on getting advice from their local IT company that supplies, and often manages, their IT infrastructure, but who are also focused of selling a product set, dressed up as a solution.  Now, I know that that will upset some IT providers and I’ll water my comments down a little by saying I’m referring to Cyber Security which is a distinct discipline which many nibble around the edges without any in depth knowledge or experience. 

So, what does a Board Advisor do? 

Board Advisors help to guide businesses but are not legally authorised to bind them. As companies establish themselves, moving from an idea to a fully structured and realised organisation, they typically prepare for full operation, sales, and/or fundraising, and in my case, Cyber Security.

As they begin these processes, experts in the field – including mentors or specialists brought into the organisation by a mentor – become hugely valuable as the organisation works to achieve its goals. Advisors are key assets, and it’s crucial to formalise exactly what they will provide, their availability, who they can introduce you to, and how much time they can give you – as well as how they will be compensated in exchange for these services.  A board advisor can help fill in any gaps in your team in terms of both experience and expertise. They can also help you bring in new team members and sometimes sources of funding as opportunities allow. Most crucially, they can do all of this while giving you time to think about what you need to be doing to grow your business, or just get it and keep it, running.

Board Advisors are also far more flexible, offering services either on an ongoing basis, in parallel to a Board of Directors, or as part of your transition into a formal, Board-run business.  In other words, they are not full time employees, but work on a part time basis where you pay them for their time, bounded as you see fit.

How does a board advisor add value?

In terms of cyber security, a Board Advisor is an experienced cyber security professional who provides advice and support to a business’s leadership without sitting on their Board. They provide counsel based on their prior experience in this field to help the Board make decisions, especially when faced with unfamiliar challenges.  And most challenges in the field of Cyber Security will be unfamiliar to them. 

When working as an advisor it is essential that we are excellent coaches and can demonstrate our deep knowledge of the subject.  We need to take both their board members, their in house IT teams and IT users, getting them onside and letting them know that we are there to enhance their knowledge and skills, we are not their enemies.  We must also be prepared to work with any IT company they may have under contract, although that can be a bigger challenge.

Summary

Having a Board Advisor who can mentor the leadership team and other employees, either on a retainer or paid for actually hours worked, can be a great boon for an SME.  Just having someone who can debunk the myths and devise strategy, training programmes and advise on cyber risk, is something that any SME management team should value.