July 21, 2017

Board Members Tackle Cyber-Security Risk as Next Line of Defence

With access to a plethora of mobile devices, online channels, and digital platforms, board members worldwide are facing a wake-up call involving cyber-security and protecting sensitive corporate data.

The new reality for time-pressed directors is to tackle cyber-risk, while continuing to communicate securely in an anywhere, anytime, mobile and connected world.

Mirroring global trends, the Asia region is increasingly recognising the importance of cyber diligence, according to Stephanie Wong, Singapore-based Field Marketing Manager, Asia, with solutions provider Diligent.

With a footprint across the financial services, healthcare, manufacturing, and consumer banking space, Diligent has spearheaded awareness around cyber-threats, fiduciary responsibility, and securing sensitive communication.

Diligent’s client base reaches core markets and sectors across Asia, including Singapore, Hong Kong, Malaysia and India. The broader outreach targets North Asia, including China, Taiwan and Japan.

The functionality of Diligent’s offering complements moves to ramp up education and awareness, observes Wong. “Board portal technology caters to small groups of executive users that often have access to confidential information.”

In the connected space, boardroom directors use a range of mobile devices, access points and online channels. Many of these gateways are not necessarily secure, including Yahoo! Mail or Gmail, which have been hacked.

“It’s important they have the tools to protect information, for example, during mergers and acquisitions, or the due diligence process,” says Wong.

High-profile cyber-attacks

In the past, network security was regarded as the domain of siloed CIOs or CISOs. With directors coming under increased scrutiny, audits, or shareholder investigations, cyber-security awareness is being catapulted to the top of the agenda.

This trend is marked by improved dialogue between CIOs, CISOs, and board members. “Cyber-security is starting to be a talking point, although more work needs to be done around education and awareness,” notes Wong.

More recently, businesses have faced high-profile cyber-security hacks. This trend impacts shareholder value, sparks regulatory inquiries, and forces a rethink around protecting confidential information.

Boards are addressing the need to tackle cyber-security risk. Proactive planning helps defray potential lawsuits, any perceived breach of fiduciary duties, or failure to maintain internal controls.

In an interconnected business, any oversight risks millions of dollars of potential liability in class-action lawsuits, reputational damage, or loss of consumer confidence and brand trust.

Increasingly, the board is emerging as the next line of defence to prevent and detect risks, before intrusions take hold, and compromise networks or information systems.

Among the considerations, board members need to develop a high-level understanding of the cyber-risks facing the company.

Keynote panel highlights cyber-risks

More recently in Kuala Lumpur, cyber-security in the boardroom came up for discussion at the CIO Leaders’ Summit hosted by Media Corp International.

This keynote panel focused on “Cybersecurity in the Boardroom – What role for the CIO/CISO?” The discussion was moderated by Thierry Regnier, Vice President of Sales, Asia, for Diligent.

Panellists featured Cheah Kok Hoong, Group CEO at Hitachi Sunway and Information Systems/Chairman, Outsourcing Malaysia (OM) at PIKOM; Fazley Rabbi, Head of IT; and Sekar Jaganathan, CIO of Rakuten Trade.

This panel spotlighted findings from a January 2017 Diligent and NYSE Governance Services survey. This survey included responses from 381 directors of public companies on the New York Stock Exchange.

The in-depth survey assessed current communication practices, level of understanding of cyber-security issues, and awareness of any cyber-risk inherent in current communication.

The broader findings were unsettling: among these, nine out of ten directors reported using unsecured, personal email accounts to communicate with one another at least occasionally. Directors’ personal email accounts include free services such as Yahoo! Mail and Gmail. These types of free email service providers are often targets of hackers and phishers.

Security oversight of director communication

When asked how their companies ensure directors are communicating according to best security practices, over 60% of directors acknowledged they had no idea if a security audit was performed on the board’s communications practices.

Over half of the respondents said they were not required to undertake cyber-security training as part of their board service.

Perhaps one of the reasons directors are not receiving better security oversight and support is that few boards rely on the company’s information security team for guidance on the board’s communication methods. Just 9% of respondents said their companies’ CISOs/CIOs played any role in authorising directors’ communications methods.

As Stephanie Wong remarked, “This is regardless of the fact that board members are privy to the most sensitive information their companies own.”

Directors are considered “high-value targets” by hackers and remain at risk for cyber-attacks. Given their access to sensitive data – information that would fetch a high price among hackers – directors and executives are subject to targeted, strategic phishing attacks.

About Stephanie Wong

Stephanie Wong serves as Field Marketing Manager, Asia at Diligent and is based in Singapore. In this capacity, she leads marketing across the region, from strategic planning, go-to-market efforts, corporate communications and demand generation, with a focus on pipeline growth. With over 14 years of regional B2B marketing experience, Stephanie has demonstrated competencies in driving awareness and demand with knowledge of the individual markets across APAC, including ANZ and ASEAN. She was awarded the Collaborative Team Award (ASEAN Marketing) for the development and execution of an industry-leading marketing program with sales that resulted in the partner being recognised as SMB Partner of the Year in 2012, Global and APJ, by VMware. Stephanie holds a Bachelor of Commerce, with majors in Marketing, E-Commerce and Information Management, from The University of Western Australia.