Thomson Reuters survey reveals increased cybersecurity risk to boardroom communications

[Audrey McNeil <audrey () riskbasedsecurity com>]

http://www.automatedtrader.net/news/at/152320/thomson-reuters-survey-reveals-increased-cybersecurity-risk-to--boardroom-communications

Thomson Reuters has released its board governance survey for 2014, which
shows that despite a slight decline in the amount of board information
being produced each year, corporate boards are increasingly exposed to
cybersecurity risk. Boards continue to communicate through unsecure means,
and have minimal measures in place to prevent a security breach. The survey
also shows that one in ten organizations reported that a board member had
either lost or had their computing device stolen in 2014, continuing the
upward trend of reported sensitive data breaches.

Thomson Reuters surveyed more than 200 corporate and company secretaries
across Europe, the Americas, Australia, Asia, Africa and the Middle East to
canvass their views on some of the key challenges faced by the board today.
Respondents represented firms from a wide set of industries including
financial services, manufacturing, government, education, life sciences,
energy and other highly-regulated industries.

Key findings from the report include:

· Over half of organizations indicated they had been in a situation where
board members had left sensitive documents in public places or had heard of
such instances

· Two thirds (67%) of corporate boards are very concerned about
cybersecurity risk, whilst only 44% claimed they actually make decisions on
the topic

· 60% of organizations never or only occasionally encrypt their board
communications, and only a quarter indicated that they always do so

· More than half (56%) of board members still print and carry around board
documents

· Half (51%) of organizations surveyed do not utilize a secure
purpose-built board portal

· Cybersecurity information is the least frequently requested information
by the board, with only 32% of board frequently or very frequently
requesting such information

· An increasing proportion of respondents are not confident board members
destroy sensitive printed board documents, while a staggering 60% of
organizations are not confident or unsure if their board members do so

"In this digital age it's alarming that so many organizations don't have
structures in place to safeguard their information from security and
cybersecurity threats," said Phil Cotter, managing director, head of Risk,
Thomson Reuters. "What's disheartening is that information on cybersecurity
remains the least frequently requested information by corporate boards,
which leaves significant uncertainty around their ability to effectively
oversee security management, particularly if they aren't taking steps to
keep fully informed on security matters."

Security and cybersecurity risk

Private computing devices are now commonly used by most board members for
board communications but only a third of them are provided by the company
itself. Furthermore, there has been an increase in these computing devices
that are used for board communications being stolen or lost. 10% of
organizations reported they have had a board member to whom this has
happened to and 5% of organizations stated they have had sensitive board
materials left in a public place.

Many organizations continue to use non-secure commercial email accounts to
send board information to board members with 43% of respondents claiming
they always or regularly do this. With 60% of organizations never or only
occasionally encrypting board communications, many could be leaving their
board communications liable to hacking and their organization at risk of a
serious data breach.

A third of organizations continue to print and courier materials to board
members and 56% of board members print and carry materials around. There is
also a considerable lack of confidence that these materials are disposed of
securely with only 28% of respondents reporting that they are confident
that their board members do so.

Communications and technology

The geographical dispersion of corporate boards also continues to be an
issue for organizations, with 34% of board member spread across a number of
countries. In 2014 the number of boards meeting monthly or quarterly has
risen to 78%, meaning boards that use manual processes to share board
material are likely to be experiencing increases in the cost of printing
and couriering board books.

A detailed report on the survey's findings can be found at:
http://accelus.thomsonreuters.com/special-report/evolving-role-global-board

_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://lists.osvdb.org/mailman/listinfo/dataloss
For inquiries regarding use or licensing of data, e-mail
        sales () riskbasedsecurity com 

Supporters:

Risk Based Security (http://www.riskbasedsecurity.com/)
YourCISO is an affordable SaaS solution that provides a comprehensive information security program that ensures focus 
on the right security.  If you need security help or want to provide real risk reduction for your clients contact us!