Boardrooms still lack security awareness
Despite an increase in the board-level cyber security awareness, data security controls in the boardroom are not sufficient, according to a recent research from Thomson Reuters. The research conducted globally shows while on one hand, board communications are becoming increasingly complex, while on the other outdated board procedures, unsecure distribution channels and costly board materials are all contributing to increased security gaps.
Board security gap
According to the report, over 67 percent of respondents admit they do not know if their board members destroy all print copies of board materials. Also, 62 percent of respondents had heard of situations where board members have left sensitive information in public places, representing a 12 percent increase compared to last year.
Over three-quarters of the respondent said that enterprises utilize unsecure, personal email accounts to distribute board documents, and almost half do not ensure board communications are encrypted.
Volume of board materials rise
While data insecurity worsens, the survey found that board books and volumes of information continue to grow. On average, board books are 179 pages in length according to respondents, compared to only 116 pages in 2012.
This amounts to 16,010 pages of board material each year, representing a 67 percent increase from the average of 10,000 pages reported last year.
More number of members
The chance of data leaks is also increasing as the number of board members per organisation rises, with 43 percent now having more than 11 board members, rising from 29 percent in 2012.
Almost half of boards still rely on paper-based board books. There was a slight decrease in the number of respondents who distributed their board books electronically, despite an increase of members being located across borders.
However, the study shows that there has been an increased focus on risk oversight, with 84 percent of respondents saying their board actively set “a risk culture and cascaded its risk policy to management”. This is a significant increase from 2012 where only 57 percent of respondents said the same.
“In the current cyber security landscape, Security should no longer be seen as an IT problem. It should be seen as a business issue. Companies should put security at the top of their priority list and the board should be equally involved in the process, said Sanjeev Kumar, Group CIO & Group President – Business Excellence of Adhunik Group.
“Corporate governance is becoming increasingly complex due to demanding regulatory requirements and scrutiny on organizations’ compliance,” said Chris Perry, managing director for risk at Thomson Reuters adding that with the increase in security risk, it is extremely important for companies to protect their organisation from reputational damage.
- Ten Trends Redefining Enterprise IT In 2018
- 5 Ways AI Can Live Up To Its Promise In 2018
- 70% Indian Firms To Deploy AI By 2020: Intel
- Why Cloud Adopters Need Visibility Into Their Network
- Cyber Security Jobs At Premium As India Goes Digital
- Enterprise Networks: Things To Focus On In 2018
- Trends In Information Management: An India Perspective
- Cyber Security Predictions For 2018
- SpiderOak CEO Warns Of 10 Cybersecurity Threats For 2018
- Uber Data Breach: Accountability, Corporate Ethics In Question