(Bloomberg) --Even after high-profile security breaches at Target Corp., Facebook Inc., and Google, a majority of board members are still using personal email accounts to share corporate information -- and a third of them have misplaced a company-owned mobile device or computer in the past year.
All told, 56 percent of directors and 51 percent of C-suite executives are using personal email, rather than a corporate account, to send sensitive company information. That’s one of the findings from a survey of 411 board members and governance officials from 11 countries conducted earlier this year by Forrester Consulting for Diligent Corp., which sells software for securing boardroom documents.
“Many board members are using what might have been their first email,” said Brian Stafford, chief executive officer of Diligent. That includes services such as Prodigy, SBCGlobal and even Yahoo, which has been hacked already, he said. Many of the older services lack the newer security features.
Cyber security is frequently cited as a top concern in boardroom surveys as new reports of alleged Russian meddling in elections and breaches that expose embarrassing emails damage company reputations and often result in costly shareholder lawsuits. The cost of cybercrime to firms over the next five years could reach $8 trillion, the World Economic Forum said in January.
Even a modern email system like Alphabet Inc.’s Google Gmail is a risk, because once someone has access to the Gmail account, they can also get to a user’s documents and other files stored within the account, Stafford said. Hackers will trick people into giving out their passwords, he said.
John Podesta, Democrat Hillary Clinton’s former campaign chief, had his Gmail account hacked in 2016, and damaging emails were leaked to the media. The leak became a campaign issue in Clinton’s loss to Republican Donald Trump. The same group is now seen as being active on new attacks outside the U.S.
More recently, Elliott Broidy, a top fund-raiser for Trump, had his computers breached and emails leaked after hackers were able to gain access to his wife’s Gmail account and uncover sensitive information.
Because directors tend to be older, that may mean they are less computer savvy than people who grew up with more technology, Stafford said. The average age of an independent director at a company in the S&P 500 is 63.1 years, a 1 percent increase in the last half decade, according to executive recruiter Spencer Stuart.
The survey, released Wednesday, also found that 30 percent of board members reported losing or misplacing a phone, tablet or computer in the past year and 23 percent said the lost or misplaced paper documents, adding to the potential for stolen data. The companies surveyed were a mix of private and public, across multiple industries.