When board members and executives communicate, to what extent do they do so electronically and securely? This was the question examined in Board Communication and Digitalisation, a pan-European study undertaken by EY (formerly Ernst & Young), Brainloop, the HHL Leipzig Graduate School of Management and Philipps University in Marburg (Germany). The study surveyed 2,800 companies in Benelux, Germany, Austria, Switzerland, France, Scandinavia, the UK and Ireland.
Three quarters use a board portal
Hardcopy board books and piles of ring binders are a thing of the past. According to the study, 76 per cent of the respondents already use digital board portals. These are a collaborative software tool that lets users view and work securely and efficiently on sensitive documents. The interesting point here is how this usage is spread across the countries. In Scandinavia and the English-speaking countries, almost all the study participants (90 per cent) use board portals. The German-speaking area is next with 70 per cent and France brings up the rear with 64 per cent.
Once the portal has been introduced to a company, it becomes a permanent fixture. As many as 90 per cent of those surveyed said they were satisfied or very satisfied with it. When choosing a suitable board portal solution, the respondents considered the following features to be particularly important:
- Encryption comes top by a long way (83 per cent)
- More than two thirds (67 per cent) find it important to have a tamper-proof audit trail to log all activities
- For 65 per cent, data protection that complies with local laws is especially relevant
- More than half of the respondents (55 per cent) want to be sure that IT administrators cannot access the information they store
“The use of board portals is a good way of making board members’ work more efficient,” explains Thomas Deutschmann, CEO of Brainloop. “They should include mobile access to key information, as well as the ability to comment on meeting documents and resolutions. And users can now vote on resolutions electronically. These processes are obviously only carried out in a high-security dataroom.”
There are additional board processes that digitalisation makes easier. Despite the widespread usage of board portals, most votes during board meetings are still taken with those present raising their hands (77 per cent). Digital solutions are not used often in this area, although they are able to record the vote and put it into tamper-proof storage to support traceability.
Meeting technologies and formalisation
Almost all the companies (92 per cent) say that board members attend the board meetings in person. A third (33 per cent) often use conference calls and over a quarter (26 per cent) regularly use document-based communication for the meetings. Video conferencing is the least-used method for running a board meeting (12 per cent). However, that may change in the future with the need for fast and efficient decision-making, which would prompt an increase in the use of virtual meetings and electronic communication technologies.
To make this possible, the information processes must already have been defined and formalised in the board’s statutes and rules of procedure. Most of the survey respondents consider that there is a high (46 per cent) or very high (16 per cent) degree of formalisation for information sharing between their companies and boards. However, 37 per cent consider their information processes to be partly formalised at best – or even less. This high percentage is surprising considering that insufficient formalisation for information processes implicitly exposes them to a risk of liability.
Decisions about information communication methods are often taken jointly by non-executive and executive boards. This was indicated by 29 per cent of one-tier boards and 37 per cent of two-tier boards.
Ensuring that non-executive boards receive information efficiently is a key factor contributing to good corporate supervision. Alongside the choice of systems, the staff in a corporate office or company secretary’s office is more important than ever in providing support for the non-executive board and ensuring the quality and prompt delivery of the information required. This is also reflected in the study, with the corporate officer being the most frequent contact person (73 per cent), ahead of the executive board (59 per cent) and the chairman of the non-executive board (51 per cent).
Frequent cyber-attacks and use of unencrypted emails
About half the study participants say they regularly work on the issues of cyber-attacks and data breaches (55 per cent) as well as on data protection and data sovereignty (48 per cent). Asked about their level of knowledge, 43 per cent said they had already had a lot of experience with cyber-attacks. The figure was 51 per cent for data protection. Nevertheless, board members often still access information using unencrypted emails. Almost half (49 per cent) use this non-secure way of sharing data on mobile devices, compromising the security of sensitive documents. A positive aspect, however, is the increasing level of usage of secure board portals for communication (64 per cent access one using their laptop and 80 per cent with a mobile device). The situation is similar when external advisors access meeting documents: a fifth of the respondents (21 per cent) still forward unencrypted information to them, making the data easy prey for hackers. But 55 per cent use encrypted emails or board portals with specific access permissions.
“Board members are a worthwhile target for hackers because they work with sensitive documents every day,” says Deutschmann. “If companies don’t ensure stringent data protection when sharing data with external advisers and partners, they can easily become victims of industrial espionage. The increasing usage of secure board portals shows that companies are on the right track. These tools combine confidentiality with ease of use so that there’s no longer any need for unencrypted communication, even with mobile devices.”