The most dangerous moment in a boardroom is not when something looks wrong. It is when everything looks right.
A board was reviewing a model estimating its annual cyber risk. The dashboard produced a clean number. The board was ready to sign off.
Then one director asked a question that wasn’t on the script.
What is missing from the model?
It turned out the quantified risk excluded more than 300 privileged vendors and thousands of IoT point-of-sale devices across the retail network. They sat entirely outside the infrastructure model that produced the number.
The room went quiet.
Not the quiet of disagreement. The quiet of recognition.
The model was mathematically precise, but contextually blind.
This is how Governance Drift takes hold. Not in organisations that are careless, but in organisations that believe they aren’t.
The board hadn’t failed its process. It had trusted the process more than its own judgement. That distinction matters.
And if that question had not been asked, the number would have stood. Material risk would have been governed as if it did not exist.
The more AI drives the analysis, the cleaner the number looks and the harder the question becomes to ask. The model will increasingly feel like the answer.
But it is still only a representation.
What the board is seeing is not the decision.
It is the output of a decision pathway.
The most powerful thing a board can do is not find a better algorithm. It is to ask the question that is not on the script.
When was the last time your board challenged a clean number not because it looked wrong, but because it looked too right?
