Did you know there’s a glaring gap between board members’ diligence regarding cybersecurity – and board members’ understanding of cybersecurity?
Admittedly, cyber issues are kind of a “new” thing. And board agendas are jam-packed these days. So if members lack knowledge or an appreciation of the complexity of cyber risk management, we can understand.
And yet – today’s boards rely on digital technology to ease the burden of director communications, especially for members who have other full-time commitments, hold multiple board seats and travel frequently. How might that be impacting the security of highly sensitive information?
More than half of board members recently surveyed report technology has increased the overall security of board information. However, even using secure digital board software does not eradicate cyber risk from board communications, nor does it absolve directors from the need to understand, mitigate and monitor related cybersecurity issues.
Lots of companies today struggle with striking the right balance between convenience and security with regard to the distribution of board materials. In fact, in January 2017, NYSE Governance Services, in partnership with Diligent Corp., conducted a survey of more than 350 corporate directors of publicly traded companies to gain a better understanding of current board communications practices.
The survey’s focus was threefold:
- To determine how companies safeguard board communications, while still maintaining a high level of effectiveness
- To ascertain the current level of awareness and readiness of corporate directors to navigate related cybersecurity issues
- To identify potential areas for improvement in managing and mitigating the cyber risks of board communications.
The report confirms that many executives are putting their companies at risk for the sake of convenience, without understanding just how dangerous their online communications practices can be – both financially and legally.
The report goes on to reveal some shocking data points, including:
- 92 percent of board members communicate via personal email accounts that sit outside of corporate firewalls.
- 34 percent download confidential company documents onto their personal computers or devices.
- 62 percent were not required to undergo cybersecurity training.