For the past several years, leaders across Asia, and particularly in economies that have endured compounded shocks, have been singularly focused on stabilisation. They have worked relentlessly to repair balance sheets, restore disrupted operations and rebuild confidence among investors, customers, employees and citizens. Recovery has been their mission.
That work has been necessary. In many cases, it has been heroic, as Dr Ramesh Shanmuganathan, Executive Vice President / Group CIO at John Keells Holdings PLC and Director/CEO at John Keells IT, says in this conversation with Echelon.
But leadership is not ultimately judged by how well it responds to a crisis in the moment. It is judged by what it leaves behind once the urgency fades. That legacy, he says, will not be measured by recovery alone, but by whether leaders used this period to build organisations that can withstand future shocks, including those they cannot yet see.
That quality is resilience. And resilience, he says, rests on a conversation that many boards have postponed for far too long.
As organisations stabilise, what critical governance blind spot is still being overlooked in the boardroom?
There is a noticeable change in boardrooms across the region. The anxiety that characterised the early phases of recent crises has gradually hardened into resolve. Conversations are more measured now, more disciplined. Agendas are structured around familiar themes: financial repair, operational efficiency, regulatory compliance and stakeholder reassurance. Metrics are improving. Progress is being tracked. Confidence, slowly, is returning.
Yet beneath this surface stability, a more fundamental issue remains largely unaddressed. It is not about whether organisations are using technology—that debate is long over. Every modern enterprise is digital by default. The real question is whether we are governing that digital foundation with the same seriousness, intentionality and maturity that we apply to finance, risk or strategy.
This is an uncomfortable conversation. It cuts across organisational silos and exposes ambiguity in accountability. It challenges long-standing assumptions about delegation and expertise. Most critically, it forces boards to confront a difficult truth: while digital innovation has accelerated dramatically, the governance structures surrounding it have not kept pace.
I describe this disconnect as the Boardroom Blindspot and the Stewardship Gap. It is the widening space between what our digital systems are capable of doing and the depth of stewardship required to ensure they remain trustworthy, resilient and aligned with long-term value creation. This gap is not a failure of technology. It is a failure of leadership attention.
In an age defined by asymmetric cyber threats, opaque algorithms, complex vendor ecosystems and deeply interconnected digital infrastructure, this blind spot increasingly determines whether an organisation merely survives disruption or genuinely endures through it.
Why do traditional governance models succeed at recovery but struggle to deliver true resilience?
To understand why this matters, we must first separate two concepts that are often conflated: recovery and resilience.
Recovery is restorative. It is about returning to a known, previously stable state—repairing finances, re-establishing supply chains, restoring brand trust and regaining operational control. Traditional governance models are well designed for this purpose. They are rooted in centuries of financial oversight and operational discipline, built to identify deviation and correct it.
Resilience, however, is anticipatory. It is not about returning to the past, but about remaining viable through an uncertain future. Resilience assumes that disruption will continue, that shocks will arrive from unexpected directions at unexpected speed, and with compounding effects. Crucially, resilience cannot be audited into existence after the fact. It cannot be achieved through quarterly reporting alone. It must be deliberately designed into the architecture of the organisation.
Today, that architecture is overwhelmingly digital. Digital platforms underpin supply chains, customer relationships, financial systems, decision-making processes and even organisational culture. As a result, digital governance is no longer a subset of IT management. It is the primary environment in which resilience is either built or eroded.
When digital governance is treated as a compliance obligation or technical afterthought, organisations are effectively constructing sophisticated enterprises on unsurveyed foundations. They may perform well in calm conditions, but their behaviour under stress becomes dangerously unpredictable.
How has Asia’s rapid digital acceleration reshaped accountability in the boardroom?
Asia’s economic transformation has been driven by speed. We embraced digital leapfrogging. We built mobile-first economies. We enabled fintech ecosystems that connected millions of people to services almost overnight. This acceleration was not accidental—it was strategic, ambitious and often necessary.
But speed has consequences, particularly in the boardroom. As technology becomes more complex, it becomes both easier and psychologically comforting to believe that accountability can be delegated along with execution. Faced with cloud architectures, artificial intelligence models, cybersecurity threats and rapidly evolving regulations, boards often default to a familiar refrain: this is specialised; we have capable executives and vendors to manage it.
CIOs and CTOs are entrusted with delivery. Risk committees receive summarised reports. Dashboards indicate status. External partners provide assurance. Yet this creates a subtle and dangerous illusion: that responsibility has been transferred. In reality, activity can be delegated; accountability cannot.
No board would ever say that financial integrity belongs solely to the CFO. Directors remain actively engaged because they understand that financial health is existential. Today, digital health is just as existential.
When a data breach undermines customer trust, when a biased algorithm triggers reputational damage, or when a critical technology provider fails, the questions that follow are never purely technical. Stakeholders do not ask which system failed or which vendor was at fault. They ask who was accountable.
The board’s responsibility is not to configure systems or select encryption standards. It is to ensure that ownership of digital risk is explicit, empowered and continuously exercised—not assumed, deferred or obscured.
Where does weak digital stewardship most commonly surface inside complex enterprises?
Across Asia, rapid digitisation has created a landscape of latent risk. In many organisations, including highly sophisticated ones, similar patterns emerge.
First, fragmented digital foundations: department-led transformation initiatives, often launched under pressure to move quickly, result in complex and loosely integrated system landscapes. These environments function adequately under normal conditions but become fragile during integration efforts or crises.
Second, data without stewardship: vast repositories of customer, operational and transactional data exist, yet ownership is unclear. Who is responsible for its quality, ethics, security and long-term value? Is it governed as a strategic asset or tolerated as an unmanaged liability?
Third, vendor concentration risk: in pursuit of efficiency and scale, organisations increasingly rely on a small number of external providers for critical services. While this is not inherently wrong, it creates single points of failure that are rarely examined at the board level through a resilience lens.
Finally, an emerging AI governance vacuum: machine learning models are being piloted and deployed to optimise logistics, pricing, credit decisions, recruitment and more. Yet the ethical and accountability frameworks governing these systems often lag far behind their technical implementation.
These are not IT issues. They are governance outcomes—the result of decisions about risk, priority and value that were made implicitly rather than explicitly. They represent the Stewardship Gap in action.
What should digital governance mean for Sri Lanka?
For Sri Lanka, this conversation carries particular urgency. As the country seeks to rebuild confidence and attract investment, digital infrastructure will play a central role in shaping perceptions of credibility and competence. Global investors, partners and citizens will not only assess technical capability, but digital maturity—the degree to which systems are governed predictably, transparently and responsibly.
At its core, digital maturity is about trust. Trust is the defining currency of the digital age. It is harder to earn and easier to lose than ever before, and it is not generated by features or innovation alone. Trust emerges from governance—from clarity of accountability, consistency of behaviour and visible stewardship.
When a citizen uses a digital public service, a customer engages with a financial platform, or an investor reviews cyber-readiness disclosures, they are asking an implicit question: is this system worthy of my trust?
The board’s approach to digital governance is the most tangible answer to that question.
How can boards shift from oversight to true digital stewardship?
Closing the Stewardship Gap requires a shift in posture.
Oversight is passive. It asks whether processes were followed and controls were met. Boardroom stewardship is active. It asks whether the organisation is being shaped to endure. It looks forward.
This shift becomes visible in the kinds of questions boards ask, and the time they are willing to spend asking them. Stewardship asks whether technology decisions are increasing optionality or creating dependency; whether digital architectures are enabling adaptability or locking the organisation into fragile configurations; and whether today’s efficiencies are coming at the expense of tomorrow’s resilience.
In practical terms, this shift involves five deliberate actions.
First, boards must elevate digital governance to the full board agenda, framing it as a discussion about resilience and trust rather than narrow cyber risk.
Second, boards should demand transparency without technical immersion. Clear accountability, worst-case scenarios, testing frequency and fallback strategies must be articulated in plain language.
Third, boards must explicitly assign executive accountability for cyber resilience, data stewardship and algorithmic responsibility—and ensure these roles are properly resourced and empowered.
Fourth, organisations should stress-test digital resilience, just as they stress-test financial models. Scenarios involving outages, breaches and vendor failures reveal governance quality far more effectively than static reports.
Finally, boards must invest in their own digital literacy. This is not about technical mastery, but about understanding how emerging technologies reshape risk, ethics and business models.
What impact does AI have on a board’s responsibilities?
Artificial intelligence intensifies every aspect of the stewardship challenge. For the first time, organisations are deploying systems that learn, decide and act with meaningful autonomy. Algorithms now influence decisions that affect livelihoods, access to services and organisational culture.
When an AI system acts, responsibility does not disappear—it concentrates. Boards must ensure governance frameworks that address explainability, fairness, human oversight and impact assessment. These are not technical questions. They are questions of ethics, fiduciary duty and leadership.
Governing AI is not about slowing innovation. It is about ensuring that innovation remains aligned with organisational values and societal expectations.
What happens when boards delay closing the Stewardship Gap?
The cost of the Stewardship Gap is rarely immediate or visible. It accumulates quietly as technical debt, strategic rigidity and gradual erosion of trust. Then, inevitably, a trigger event occurs—a breach, an outage, an algorithmic controversy. At that moment, resilience cannot be retrofitted. It is simply tested, and often found wanting.
Closing the Stewardship Gap is not an expense. It is an investment in confidence—the premium paid to avoid moments of catastrophic revelation.
Should leaders be more cautious as they navigate the digital future?
This is not a call to fear technology or slow progress. It is a call to match innovation with intention.
The steward’s mindset is calm, deliberate and forward-looking. It recognises that while no leader can predict every storm, they can design organisations that remain seaworthy under pressure. This work is rarely visible. It happens in boardrooms, committees and rigorous questioning. It does not generate headlines. But it is precisely this work that allows bold strategies, growth ambitions and recovery plans to endure.
The digital future is not waiting for governance models to evolve. It is already here. The only remaining question is whether today’s leaders will be remembered as those who harnessed its power responsibly, or those who failed to govern its profound responsibility.
The stewardship choice is ours. And the time to make it is now.