Cyber security – it’s becoming a big issue for UK boards. A recent survey by the consultancy PwC reveals that one-in-four UK companies have suffered a data breach in the past two years. And, according to PwC, cyber criminals are becoming ever more ambitious, targeting not just financial information, but also customer data and intellectual property.
The increase in high profile attacks on companies like TalkTalk and JD Wetherspoon has done much to raise awareness of the growing cyber threat. It should come as no surprise that today’s UK boardrooms have become more cyber-savvy.
A recent survey by Brainloop, conducted at ICSA 2016, confirms that cyber-security awareness is at an all-time high, with over two-thirds of those organisations surveyed saying that cyber security is now a pressing board issue.
Considering the financial and reputational impact posed by a potential cyber breach, it would be astonishing if boardroom engagement with cyber risk management was not a top priority.
But with cyber crime incidents in the UK up 20% since 2014, the board itself also has a major role to play in battening down potential vulnerabilities. That’s especially true when it comes to securing its own communications and board materials.
A data breach at board level would be catastrophic for many UK businesses. According to 81% of respondents participating in the Brainloop survey, the loss or leakage of board papers would prove highly damaging for their business.
Company Boards need to lead by example
While there is a pressing need to secure every aspect of an organisation’s operations against external threat, you’d expect that a ‘belt and braces’ approach to cyber security would begin at the top. In other words, that the majority of UK boards would be utilising a digital board portal to help create and securely share, review and update board materials.
Yet the evidence speaks to the contrary. Almost half (48%) of the organisations surveyed confirmed they still use traditional methods to create board information packs, the majority of which are then distributed as hard copies.
Clearly, boardroom methodologies and workflows remain firmly wedded to the past, despite the fact that many boardrooms say they are well aware of the damage that a data breach could cause.
That includes using convenient yet insecure channels – like email – to communicate confidential board information on a day-to-day basis. It’s this approach that puts board communications and company data at risk of interception by criminals.
Awareness where it matters most
The Brainloop survey revealed that 57% of organisations said their board had a strong digital culture, including using multiple devices for work, being active on social media and looking for ways that technology can improve their business. But this culture doesn’t appear to be filtering down to where it matters the most.
Take, for example, data governance. Of the 52% of organisations using a digital board portal, one-third had no idea in which country their solution provider stores their data. This has significant compliance implications for the business, as data protection regulations, tax laws and security policies can all impact where data can be stored.
There are also major regulatory changes in the pipeline, including Privacy Shield – the new deal that’s set to replace Safe Harbor once EU member states have reviewed and approved as adequate – and the EU’s General Data Protection Requirement is also on the horizon, so it is becoming even more important for companies to know in which country their data is being held.
Cyber security – a business AND boardroom priority
Cyber attacks and data leakage represent a daily threat for UK organisations of every size. With investors and regulators challenging boards to step up their oversight of cyber security, it’s time for the board to take the lead. Especially considering that board members deal with some of the most sensitive company data of all.
While embracing a digital board culture is important, engaging in a real-world cyber-aware culture is now an essential requirement. The good news is that technologies are available to help the board be as secure as possible.
Given the pressing nature of the cyber-threat environment, it’s time that boards took the lead and shored up their own day-to-day practices. Because it’s one thing to demand secure processes across the business – and quite another to practice what you preach.
Sourced from Mark Edge, UK Country Manager, Brainloop