Cyber-Security Risk to Boardroom Communications Rises

A new report found that corporate boards continue to communicate through unsecure means, and have minimal measures in place to prevent a security breach.

it security and it management

Despite a slight decline in the amount of corporate board information being produced each year, boards are increasingly exposed to cyber-security risks, a new research from Thomson Reuters.

Boards continue to communicate through unsecure means and have minimal measures in place to prevent a security breach, according to the study, which is based on a survey of more than 200 corporate and company secretaries across Europe, the Americas, Australia, Asia, Africa and the Middle East.

The study also indicated that one in 10 organizations reported that a board member had either lost or had their computing devices stolen in 2014, continuing the upward trend of reported sensitive data breaches.

"Sixty [percent of organizations] never or only occasionally encrypt board communications," Phil Cottor, managing director and head of risk at Thomson Reuters, told eWEEK. "This is particularly alarming with all the reported hacks we hear regularly reported in the media."

More than half of organizations indicated they had been in a situation where board members had left sensitive documents in public places or had heard of such instances, and just over two-thirds (67 percent) of corporate boards are very concerned about cyber-security risk, while only 44 percent claimed they actually make decisions on the topic.

"The growth in use of mobile technology definitely aligns with boardroom communications security worries, particularly with one in 10 devices being reported lost and stolen," Cottor said. "That, in turn, is one of the reasons we continue to see growth in the adoption of secure board portals with security concerns over existing board communications processes leading to organizations implementing a solution."

Having appropriate security accreditation and controls in place around these solutions is paramount, he said.

A third of organizations continue to print and send materials to board members by courier, and 56 percent of board members print and carry materials around.

The report also indicated there is also a considerable lack of confidence that these materials are disposed of securely, with just 28 percent of respondents reporting that they are confident that their board members do so.

"Board books have been 'mobile' since there were boards, with the challenge that they are bulky and often contain market-sensitive information, are physically hard to secure—and they get lost," Cottor said. "Delivering board books via encrypted networks into a secure, encrypted container on a tablet, phone or laptop keeps documents confidential, enables books from prior meetings to be available and, if lost, ensures that information remains secure."

The geographical dispersion of corporate boards also continues to be an issue for organizations, with 34 percent of board members spread across a number of countries.

In 2014, the number of boards meeting monthly or quarterly has risen to 78 percent, meaning boards that use manual processes to share board material are likely to be experiencing increases in the cost of printing board books and sending them by courier.

"It's inevitable that we will uncover more complex security issues in the future. With cyber-security, you never know what is 'round the corner," Cottor warned. "Organizations have to be prepared to expect the unexpected by having appropriate oversight measures in place. Better lock-picks lead to better locks; the key is to be ever-vigilant and to plan to continually invest in better locks."