Increased cyber security risk to boardroom communications: global survey

Corporate boards are increasingly being exposed to cyber security risk and company boards lack security structures to protect board information, note results of a global survey released Tuesday.

Boards continue to communicate through unsecure means, notes findings from the annual corporate governance survey from Thomson Reuters Accelus.

The more than 200 corporate and company secretaries taking part in the survey – located across Europe, the Americas, Australia, Asia, Africa and the Middle East – represent firms from a wide set of industries.

The survey revealed that boards have minimal measures in place to prevent a security breach, one in 10 organizations had a board member who either lost or had his/her computing device stolen, and 5% of organizations had sensitive board materials left in a public place, notes a statement from Thomson Reuters.

This is despite 67% of polled corporate boards reporting they are very concerned about cyber security risk. Other survey findings include the following:

• 60% of organizations never or only occasionally encrypt their board communications (possibly leaving board communications liable to hacking and their organization at risk of a serious data breach), and only a quarter indicated they always do so;
• 43% of respondents always or regularly use non-secure commercial e-mail accounts to send board information to board members;
• 51% of organizations do not utilize a secure purpose-built board portal;
• a third of organizations continue to print and courier materials to board members, and 56% of board members still carry around board documents;
• 60% of organizations are not confident or are unsure if their board members destroy sensitive printed board documents (only 28% of respondents say they are confident board members dispose of these securely); and
• just 32% of board frequently or very frequently request cyber security information.

Speaking to the last point, Phil Cotter, managing director and head of risk for Thomson Reuters, says this “leaves significant uncertainty around their (corporate boards) ability to effectively oversee security management, particularly if they aren’t taking steps to keep fully informed on security matters.”

Private computing devices are now commonly used by most board members for board communications, with just one-third of them being provided by the company itself. Beyond the increase in using private devices for board communications is the increase in these devices being stolen or lost.