Thomson Reuters Survey Reveals Increased Cybersecurity Risk to Boardroom Communications

Annual corporate governance survey from Thomson Reuters Accelus reveals company Boards lack security structures to protect Board information.

LONDON/NEW YORK, 4 November, 2014 – Thomson Reuters, the world’s leading source of intelligent information for businesses and professionals, released its Board governance survey for 2014, which shows that despite a slight decline in the amount of Board information being produced each year, corporate Boards are increasingly exposed to cybersecurity risk. Boards continue to communicate through unsecure means and have minimal measures in place to prevent a security breach. The survey also shows that one in 10 organizations reported that a Board member had either lost or had their computing device stolen in 2014, continuing the upward trend of reported sensitive data breaches.

Thomson Reuters surveyed more than 200 corporate and company secretaries across Europe, the Americas, Australia, Asia, Africa and the Middle East to canvass their views on some of the key challenges faced by the Board today. Respondents represented firms from a wide set of industries including financial services, manufacturing, government, education, life sciences, energy and other highly-regulated industries.

Key findings from the report include:

• Over half of organizations indicated they had been in a situation where Board members had left sensitive documents in public places or had heard of such instances.
• Two-thirds (67 percent) of corporate Boards are very concerned about cybersecurity risk, whilst only 44 percent claimed they actually make decisions on the topic.
• 60 percent of organizations never or only occasionally encrypt their Board communications, and only one-quarter indicated that they always do so.
• More than half (56 percent) of Board members still print and carry around Board documents.
• Half (51 percent) of organizations surveyed do not utilize a secure purpose-built board portal.
• Cybersecurity information is the least frequently requested information by the Board, with only 32 percent of Boards frequently or very frequently requesting such information
• An increasing proportion of respondents are not confident Board members destroy sensitive, printed Board documents, while a staggering 60 percent of organizations are not confident or are unsure if their Board members do so.

“In this digital age, it’s alarming that so many organizations don’t have structures in place to safeguard their information from security and cybersecurity threats,” said Phil Cotter, Managing Director and Head of  Risk, Thomson Reuters. “What’s disheartening is that information on cybersecurity remains the least frequently requested information by corporate Boards, which leaves significant uncertainty around their ability to effectively oversee security management, particularly if they aren’t taking steps to keep fully informed on security matters.”

Security and cybersecurity risk

Private computing devices are now commonly used by most Board members for Board communications, but only one-third of them are provided by the company itself. Furthermore, there has been an increase in these computing devices that are used for Board communications being stolen or lost. Ten percent of organizations reported that they have had this happen to a Board member and 5 percent of organizations stated that they have had sensitive Board materials left in a public place.

Many organizations continue to use non-secure commercial email accounts to send Board information to Board members, with 43 percent of respondents claiming they always or regularly do this. With 60 percent of organizations never or only occasionally encrypting Board communications, many could be leaving their Board communications liable to hacking and their organization at risk of a serious data breach.

One-third of organizations continue to print and courier materials to Board members and 56 percent of Board members print and carry materials around. There is also a considerable lack of confidence that these materials are disposed of securely, with only 28 percent of respondents reporting that they are confident that their Board members do so.

Communications and technology

The geographical dispersion of corporate Boards also continues to be an issue for organizations, with 34 percent of Board members spread across a number of countries. In 2014, the number of Boards meeting monthly or quarterly has risen to 78 percent, meaning Boards that use manual processes to share Board material are likely to be experiencing increases in the cost of printing and couriering Board books.

A detailed report on the survey’s findings can be found at: http://accelus.thomsonreuters.com/special-report/evolving-role-global-board

Thomson Reuters Accelus is a market-leading solutions for enterprise Governance, Risk and Compliance (GRC) management, enterprise risk management, policy management, audit management, global regulatory intelligence, financial crime, anti-bribery and corruption, supply chain risk, enhanced due diligence, training and e-learning and Board of Director and disclosure services.  For more information, go to http://accelus.thomsonreuters.com/

Thomson Reuters

Thomson Reuters is the world’s leading source of intelligent information for businesses and professionals. We combine industry expertise with innovative technology to deliver critical information to leading decision makers in the financial and risk, legal, tax and accounting, intellectual property and science and media markets, powered by the world’s most trusted news organization. Thomson Reuters shares are listed on the Toronto and New York Stock Exchanges. For more information, go to thomsonreuters.com.