Boardrooms still lack security awareness

by CXOtoday News Desk    Nov 11, 2013


Despite an increase in the board-level cyber security awareness, data security controls in the boardroom are not sufficient, according to a recent research from Thomson Reuters. The research conducted globally shows while on one hand, board communications are becoming increasingly complex, while on the other outdated board procedures, unsecure distribution channels and costly board materials are all contributing to increased security gaps.

Board security gap

According to the report, over 67 percent of respondents admit they do not know if their board members destroy all print copies of board materials. Also, 62 percent of respondents had heard of situations where board members have left sensitive information in public places, representing a 12 percent increase compared to last year.

Over three-quarters of the respondent said that enterprises utilize unsecure, personal email accounts to distribute board documents, and almost half do not ensure board communications are encrypted.

Volume of board materials rise

While data insecurity worsens, the survey found that board books and volumes of information continue to grow. On average, board books are 179 pages in length according to respondents, compared to only 116 pages in 2012.

This amounts to 16,010 pages of board material each year, representing a 67 percent increase from the average of 10,000 pages reported last year.

More number of members

The chance of data leaks is also increasing as the number of board members per organisation rises, with 43 percent now having more than 11 board members, rising from 29 percent in 2012.

Almost half of boards still rely on paper-based board books. There was a slight decrease in the number of respondents who distributed their board books electronically, despite an increase of members being located across borders.

However, the study shows that there has been an increased focus on risk oversight, with 84 percent of respondents saying their board actively set “a risk culture and cascaded its risk policy to management”. This is a significant increase from 2012 where only 57 percent of respondents said the same.

“In the current cyber security landscape, Security should no longer be seen as an IT problem. It should be seen as a business issue. Companies should put security at the top of their priority list and the board should be equally involved in the process, said Sanjeev Kumar, Group CIO & Group President – Business Excellence of Adhunik Group.

“Corporate governance is becoming increasingly complex due to demanding regulatory requirements and scrutiny on organizations’ compliance,” said Chris Perry, managing director for risk at Thomson Reuters adding that with the increase in security risk, it is extremely important for companies to protect their organisation from reputational damage.