ICSA and FT’s Boardroom Bellwether report – a twice-yearly survey canvassing the views of FTSE 350 company secretaries – has just come out and the results are interesting. Three-quarters of UK boards believe that the risk of a cyberattack is increasing, and two-thirds are actively trying to mitigate that risk. 67% percent have openly discussed the government’s 10 Steps cybersecurity guidance, up from 63% last year.
This survey shows that managing and mitigating cyber risk are important parts of a board’s responsibility, and boards are taking it seriously. But to set an example across the company, a board should look at how it manages its own information flow. A significant number of boards still receive sensitive information – in the form of board reports and materials – in paper copies, couriered to board members’ homes in advance of board meetings.
The security risk is obvious. Companies may be spending millions of pounds on security systems to stop hackers from accessing confidential data, salary and bonus details, company financials or inside information on corporate strategy, yet they trust this information to a courier in order to deliver it to board members ahead of meetings.
This obsession with paper copies doesn’t stop with board members. The Bellwether report findings show that 21% of respondents say that more than half of their shareholders request paper, rather than electronic, communication.
For a company to tackle cyber risk, a change has to come from the top. That means the board should set the example by ensuring that it communicates data securely. A secure board portal protects company data, allowing board members to access relevant information within a secure environment, from a tablet, laptop or secure browser. Data is encrypted both at rest and in transit, and is hosted securely. Access rights are tightly managed, and if a device is lost or stolen, your data remains safe.
Of course, paper is the least secure means of communication. Taking even small steps towards digital communication improves security when compared to sending paper documents to board members or shareholders.
But to address the threat of cybersecurity effectively, companies must also stop their reliance on PDFs, unsecured email and public cloud storage services such as Dropbox, which could leave them vulnerable to cybertheft. Communicating sensitive data means investing in secure systems all the way through the company, starting with the boardroom. Achieving that requires a change in corporate culture.