Boards, data and governance focus

Boards are spending more time on strategy execution than on data and artificial intelligence oversight, even as governance groups press directors to tighten control of data risks. (nacdonline.org) The National Association of Corporate Directors said on December 11, 2025 that more than 60% of boards named strategy execution as the top oversight improvement area for 2026. The group also said more than 60% of boards are increasing strategy discussions during meetings and more than 40% are increasing engagement between meetings. (nacdonline.org) That survey was conducted in late October and early November 2025 and drew on 340 responses in the 2026 Governance Outlook. In a separate 2025 public-company survey, NACD said 201 people who serve on or support public company boards responded between May 8 and June 2, 2025. (nacdonline.org, nacdonline.org) At the same time, KPMG and INSEAD released AI Governance Principles for Boards on April 14, 2026 that tell directors to treat AI as a board-level issue tied to strategy, operations and the board itself. KPMG said its latest Global AI Pulse Survey found nearly three quarters of boards are perceived to have only moderate or limited AI expertise. (kpmg.com) The KPMG-INSEAD report says boards need clearer oversight of how AI decisions and human decisions work together, with transparency around both. The report also says AI agents now “plan, act, learn and collaborate with growing autonomy,” pushing boards to speed up oversight cycles that used to move more slowly. (kpmg.com) NACD’s own research points in the same direction. In a July 28, 2025 analysis, NACD said more than 62% of director respondents now set aside agenda time for full-board AI discussions, but it also said governance practices still lag that increased attention. (nacdonline.org) NACD’s guidance for directors says the board’s early AI conversations usually start with strategy, value creation, cost savings and competitive advantage, then move to budgets, cybersecurity threats and workforce effects. That sequencing helps explain why boards can say AI matters while still giving more meeting time to execution, capital allocation and talent. (nacdonline.org) Regulators have also pushed data oversight higher on the agenda. The Securities and Exchange Commission adopted rules in July 2023 requiring public companies to disclose material information about cybersecurity risk management, strategy and governance, including the board’s oversight of cyber risks, in annual reports. (sec.gov) KPMG’s board leadership group has argued that directors should test the adequacy of the company’s data governance framework, its artificial intelligence controls, its cybersecurity processes and the way board committees divide oversight. That approach treats data less like a back-office asset and more like a source of enterprise risk and corporate value. (kpmg.com) The immediate question for directors is not whether data belongs in the boardroom; NACD, KPMG, INSEAD and the Securities and Exchange Commission all say it does. The open question is whether boards that are concentrating on execution are building enough time, expertise and structure to oversee how companies collect, secure and use data. (nacdonline.org, kpmg.com, sec.gov)