How board portals keep your information secure from cyberthreats

With high-profile hacks in the news almost every month, it is no surprise that boards are reassessing how they protect their most sensitive information.

In June 2023, a flaw in software used by nearly half of FTSE 100 companies compromised personal data for tens of thousands. Soon after, CalPERS, the largest public pension fund in the US, was hacked, exposing 770,000 members. And in August of that year, the UK electoral register was hit, affecting 40 million people. These incidents are growing in scale and frequency.

Company directors increasingly care about cybersecurity…

According to cybersecurity firm Sophos, at least 20% of UK organizations have suffered data theft in the past year. Boards are paying attention: General counsel now list cybersecurity risks among their top concerns. What used to be a minor note in the IT report is now a key item on board agendas.

…yet most boards of directors lack the tools to secure their own data

But are board members securing their own sensitive information? Unfortunately, the answer is usually no.

In a survey we conducted with the Corporate Governance Institute, 43% of boards used a portal. The other 57% didn’t.

The difference was clear: 83% of directors using a portal were confident their information was secure, compared to just 41% of those without one.

For more details on what a board portal is and can do, see our complete guide to board portals.

How do board portals protect sensitive information from data breaches?

Board portals do more than save time — they strengthen security in two major ways:

1. They unify the reporting process, reducing risk and simplifying security.
2. They automate the process, limiting human error.

Unifying the reporting process

Online, fewer tools mean fewer risks. A board portal reduces the number of tools used to brief authors, collate reports, distribute packs, and approve board resolutions. It replaces email, chat, file-sharing, and e-signing tools with one secure system.

This streamlines the process and shrinks your “attack surface.” With fewer tools to update or monitor, your IT team reduces exposure to risk.

Portals also offer tighter control. Unlike email, where files can be forwarded or lost, portals let you:

• Control who sees each report
• Revoke access anytime
• Wipe downloaded data
• Fix errors after publishing
• View an audit trail of actions
• Control access down to an individual item.

You’re not relying on one line of defense either. Good portals include:

• Two-Factor Authentication (2FA)
• End-to-end encryption
• Granular permissions
• Audit logs.

They also protect against phishing. Anything outside the portal, like fake meeting invites, can be treated as suspicious.

Automating the reporting process

Every manual step introduces risk. Accidentally attached files, wrong recipients — it adds up fast.

Think about it: dozens of emails for each paper, repeated across many reports, packs, and meetings. Mistakes become likely.

Board portals remove those risks by:

• Automating steps from agenda to delivery
• Keeping everything in one secure space
• Restricting access at every stage.

How to choose a secure board portal provider

Check for key features that improve behaviors

Good security is about making the right thing easy. Look for features that protect data, even when users aren’t tech-savvy:

• Two-Factor Authentication (2FA): Even if a password is stolen, access is blocked without the code.
• Meeting link integration: Prevents directors from clicking phishing links.
• Notes and comments in-portal: Avoids email mix-ups.
• Granular permissions: Limits access to only what’s needed.

Check the board portal’s cybersecurity certifications

Start by checking credentials. Not all certifications are equal; some only apply to data centers, not the provider itself.

The best-known certifications include:

• ISO 27001: International standard for information security management, reviewed annually.
• Cyber Essentials Plus: UK government-backed, with a hands-on security test included.

If a provider lacks certifications, they may not have been audited or invested in security.

Check cybersecurity-related public information

Search for the portal in the app store. When was it last updated? If it’s been more than a few months, that’s a red flag.

Also, see if the provider is listed on reputable platforms like G-Cloud (UK). These lists vet services for government use.

Ask your cybersecurity questions directly to the board portal provider

Finally, ask the board portal providers directly. Typical questions to ask about their product’s security would include:

Here’s what to ask:

• Where are their servers located?
• Do they encrypt all data, both stored and in transit?
• How do they protect against outages or DDoS attacks?
• Do they screen employees? Who can see your data?
• Do they run penetration tests (“pentests”)? Will they share results?
• Which third parties can access data?
• Have they had any major breaches?
• Do they offer audit trails?
• How often are security policies reviewed?

How they respond will tell you as much as what they say.

Get enterprise-grade cybersecurity with Board Intelligence

Board Intelligence is a board portal that uses top-tier data centers (ISO 27001 & 9001-certified) and includes every feature needed to keep your information secure. That’s why banks, regulators, healthcare providers, corporate service providers, and global businesses trust it.

To see why 75,000+ directors and executives trust our platform, book a demo today.