We've all read the surveys and reports on the high cost of data breaches and the associated remediation, lawsuits, and penalties. The cost could also increase as a result of the precedent set by Krottner v. Starbucks. As I understand it, in order to get a class action suit to trial, plaintiffs don't need to show actual harm from a breach. They just have to show an increased risk of harm. If a Board Portal is breached, this could mean every one of your shareholders is a potential plaintiff (arguing that their investment has been placed at increased risk of harm due to insider trading or other stock price manipulation).

And this doesn't just affect public companies. Private companies that do business with public companies may need to start disclosing breaches to keep corporate customers as clients.

I examined some of the Board Portal companies--many of which are startups offering cloud-based services. The barriers to entry are low and new ones keep popping up. That raises a warning flag to me; I am a bit concerned with the ability of these companies to safeguard sensitive data. Many aren't making security the top priority--even though it's mission-critical. The Board Portals are a gold mine for looking to make a large quick profit. This is not speculation; it has already happened.

In fact, I talked to a few of the top Board Communication Portals in the market today to ask them a few questions about their security. The answers were frightening to say the least. None of them could provide a good answer to more than two of the ten questions I asked.

One leading company provided two alarming examples: