Earlier this year, Commissioner Robert Jackson Jr. of the US Securities and Exchange Commission declared that cybersecurity is “the most pressing issue in corporate governance today.” Indeed, widespread digitization has fundamentally transformed the way that people do business, ushering in new heights of efficiency and connectivity. It has also created significant risk management issues for public companies in all sectors, from securing consumer information to responding to data breaches.
However, despite the growth of digitization and its concomitant risks for public companies, it appears that many board members still rely on outdated and unsafe software to protect sensitive materials and respond to crises, according to a recent Forrester report titled “Directors’ Digital Divide: Boardroom Practices Aren’t Keeping Pace With Technology.”
The report’s key risk findings and corresponding recommendations are as follows:
- Over 50% of internal board communications happen over personal email. Instead, board members should be using management/board portal software that includes features such as closed-loop chats and virtual deal rooms.
- Almost 30% of board members reported losing/misplacing a phone, tablet, or laptop in the past year. Employing software that can wipe devices remotely is one of many strategies to help safeguard against security breaches that stem from missing tech.
- Boards are failing to use available technology to solve governance responsibilities and attract talent. Technology can help streamline day-to-day activities, such as preparing reports and optimizing meetings, as well as big-picture governance concerns, such as understanding key risks areas and charting operations. Management software that tracks environmental, social, and governance (ESG) performance can also help bolster ESG practices, the promotion of which can draw upcoming talent.
- In crisis situations, current technology practices are sometimes hindering as opposed to helping boards. 30% of boards experienced a crisis situation in the past two years, highlighting the need for board management software that facilitates quick action and implementation and allows for secure internal communications.At the end of the day, boards must set the tone on cybersecurity from the top down. When board members do not take cybersecurity seriously (by using unsecured, personal devices to communicate sensitive board information, for example), this increases the risk of cybersecurity incidents and sends the wrong message to shareholders and consumers. But equally importantly, it signals a lost opportunity for forward-thinking, proactive leadership. In an era of increasing scrutiny on cybersecurity-rated issues from governments and regulators, board members should be leveraging their positions and influence by leading the way on best practices for cybersecurity and data protection.
Click here for more information about cybersecurity and data protection in Canada, including a video on Canada’s new Digital Privacy Act and how it will impact public companies.
In the face of cybersecurity risks, boards that are committed to good corporate governance and prudent risk management should think about using suitable governance technology and implementing enterprise governance solutions to provide oversight and ensure data privacy. In a previous post on this blog, we outlined steps that boards should take to prepare for cybersecurity crises before they arise.
The author would like to thank Sarah Pennington, articling student, for her assistance with this legal update.