Corporate Boards Vulnerable to Hacking and Information Theft, Says Thomson Reuters Survey
PRESS RELEASE
Corporate Boards Vulnerable to Hacking and Information Theft, Says Thomson Reuters Survey
LONDON, Sept. 21, 2011 – Most major corporations surveyed have significant security gaps that leave sensitive board-level information open to information theft and hacking. Those are among the findings of a new survey of board members of UK and global corporations conducted by Thomson Reuters Governance, Risk & Compliance (www.accelus.thomsonreuters.com).
The findings are particularly noteworthy in light of recent news stories about the handling of board communications involving executive succession decisions at companies including Yahoo and Apple.
The survey found that information provided to members of corporate boards of directors is often in unencrypted email accounts and computers, or otherwise provided in forms that are easily lost, misplaced or stolen. The Thomson Reuters Governance, Risk & Compliance survey polled general counsel and board members at leading global corporations across a wide variety of industries.
Most corporations surveyed have one or more of the following potential security issues involving information provided to board members:
| Unencrypted board communications | 85% |
| Board documents stored on personal computers at home or work | 79% |
| Board documents stored on personal mobile devices (e.g., iPad, laptop, smartphone, etc.) |
75% |
| Documents sent to board members via personal, non-commercial email addresses | 73% |
| Board documents accessible via wi-fi or unsecured networks | 71% |
| Have reported computer, mobile devices, or sensitive company documents lost, stolen or left in public places |
10% |
Another vulnerability is in the area of legal discovery, as most corporations are not accounting for all of the computing devices that board members are using to access and store board documents. The discovery process would then require a canvassing of computers, files and other data storage maintained by board members at their homes or businesses.
“Communications and information handling with board members represents a weak link in the chain of corporate information security,” said David Craig, president, Thomson Reuters Governance, Risk & Compliance. “Boards of directors handle some of their companies’ most critical and sensitive information, including business strategies, discussion of executive hiring and compensation, legal issues, internal investigations and more.
“While most corporations take extraordinary measures to protect information shared with executives and employees, board members – often being outside directors – operate largely outside of a corporation’s secure computer networks and many of their strict internal security policies. The survey found that information given to the board is treated with inadequate levels of care and security with alarming frequency, placing information at risk of loss, theft and exposure.
“In addition, because of the increasingly global nature of boards,” continued Craig, “members often have to travel considerable distances to attend board meetings and functions, providing numerous opportunities for papers, briefcases, laptops and mobile devices to be physically lost, stolen or exposed to hazards such as hackers and unsecured networks.”
A detailed report on the survey’s findings on security vulnerabilities involving board-level information can be found at: http://accelus.thomsonreuters.com/boardsurvey2011
Thomson Reuters Governance, Risk and Compliance
Through the Thomson Reuters Accelus suite of products, the Governance, Risk & Compliance business dynamically connects business transactions, strategy and operations to the ever-changing regulatory environment, providing highly regulated firms with informed outcomes.
Thomson Reuters Accelus is a comprehensive suite of solutions specifically built to address the governance, risk and compliance challenges faced by the boardroom, and its legal, compliance, audit and risk management professionals. Comprising leading solutions provided by the heritage businesses of Complinet, Oden®, Paisley®, West’s Capitol Watch®, World-Check, Westlaw Compliance Advisor®, Westlaw Business and EDGARfilings, Thomson Reuters Accelus helps customers manage their risk exposure and accelerate their business at every step.
For more information, visit: accelus.thomsonreuters.com
Thomson Reuters
Thomson Reuters is the world's leading source of intelligent information for businesses and professionals. We combine industry expertise with innovative technology to deliver critical information to leading decision makers in the financial, legal, tax and accounting, healthcare and science and media markets, powered by the world's most trusted news organization. With headquarters in New York and major operations in London and Eagan, Minnesota, Thomson Reuters employs more than 55,000 people and operates in over 100 countries. For more information, go to http://thomsonreuters.com.