IT experts: security gaps in virtual general meetings

They complain about the monotonous presentation and the lack of right to ask questions during the AGM. And they worry about the security of their data at the purely virtual event. “I can assure you that we will do everything possible to ensure this security,” Kaeser shouts to them.

The concerns of the shareholders are not unjustified: Last year, an IT expert discovered potential security gaps in platforms that are in part also used by large companies for holding virtual general meetings.
Since then, service providers and the DAX companies have increased the security level of the general meetings. After all, many companies want to make the digital meetings more multimedia this year and better involve investors in the appearance, as a Handelsblatt survey of Dax 30 companies shows. The experience from the first round of virtual AGMs has shown that the new form is not only legally, but also technically demanding.

When it came to cyber protection for virtual events, companies had to learn a lot, as a study by Andreas Mayer from Heilbronn University shows: The professor for IT security checked the portals at more than 600 general meetings. The results are mixed.

Top jobs of the day

Find the best jobs now and
be notified by email.

In a good 52 percent of the events, the computer scientist found outdated software components with known security gaps. During a manual check he found further critical weaknesses. A hacker cannot exploit this in every case, emphasizes Mayer, but: “In the context of general meetings, this should not happen in such a crowd.”

The IT security researcher sees a need for further improvement. All service providers allow users passwords that do not comply with the recommendations of the Federal Office for Information Security (BSI). This advises a mixture of upper and lower case letters, digits and special characters and a length of at least eight characters.

See Also:  Galaxy Watch in falling price: Top Smartwatch from Samsung always cheaper - CHIP Online Germany

Mayer emphasizes that he has no evidence of hacker attacks. But: The problems are not trivial. Under certain circumstances, it was possible for actors to block the user accounts of shareholders, view confidential data of others, change voting behavior unnoticed, or even take over user accounts completely – whether competitors or activists. “In the worst case, that can blow up a general meeting.”

The IT providers for the virtual HVs emphasize that protecting their systems has priority. Better Orange points out that they have “external specialists” support themselves in the development of the software and that regular security checks are carried out. Notes like those from IT security researcher Mayer “flow directly into our process design and software development,” said the Munich service provider, who is one of the three major providers in the business.

A similar picture emerges for the Australian company Computershare, which handled a quarter of the general meetings examined. It emphasizes that it reacted immediately to the indications and fixed the problems within 96 hours, which was confirmed by an independent test. There was no “inappropriate access” to data.

The presentation also needs improvement

In addition, there is a tension between IT security and stock corporation law, according to Computershare. You often have to justify yourself to the customer as to whether IT security is overshooting the target. Because the corporations fear technical problems in the course of the meetings, which could lead to challenges from investors.

The IT challenges are complex and many are still learning, says Alexander Balling, member of the Better Orange board. A shareholder must be able to pass on his voting rights on the day of the general meeting. The access data must then be securely transmitted to his representative.

The companies have been able to work on their systems in the past few months. Also to close the security gaps that computer scientist Andreas Mayer reported to them. “The level of security is now significantly higher,” he emphasizes.

See Also:  Iran conflict weighs on US stock exchanges - Dow closes in the red

Experts see a need for improvement not only in the technical implementation of the shareholder meetings, but also in the presentation. From the point of view of PR experts, a multimedia and emotional addressing of the shareholders was seldom seen.

Companies like BMW or Deutsche Telekom In 2020, they still provided the best optics by comparison: specially produced films and clips could be seen at the car manufacturer, while vehicles drove live over the studio stage during the event. Telekom CEO Timotheus Höttges spoke free-standing in changing environments such as a replica home office or in front of a multimedia wall on which company key figures were shown.

A survey by Handelsblatt among Dax companies shows that many companies are currently working on a better look and staging. Telekom is planning further multimedia elements at Bayer a professional moderator should lead through the lengthy question-and-answer session. Companies want to fill the breaks in the events with specially produced films about the company.

However, none of the respondents want to form the AGM for a show. According to BMW, the focus will continue to be on informing shareholders and exercising their rights. But this is exactly what investors see at risk.

The dispute is mainly about missing speeches and questions during the AGM. “The shareholders’ question and answer rights are becoming toothless, for example because the opportunity to ask follow-up questions is restricted,” criticizes Matthew Roberts, stewardship analyst at the fund company Fidelity. Should a confrontation at an AGM be permanently prevented by law, he predicts resistance: “Shareholders will have no choice but to vote against management if they want to raise a concern.”

See Also:  Authorities fear an increase in credit delinquencies

What if the transfer stops?

Ex-Siemens boss Joe Kaeser takes it for granted that the shareholders are also given the right to ask questions during a virtual general meeting. However, a legal framework is needed first. Dax companies are calling for a volume limit on questions and rules that prevent a wave of legal challenges against resolutions.

That could be the case if the transmission breaks off during the question-and-answer session at purely digital events and individual shareholders cannot follow the action. The information interest of individual shareholders and the technical feasibility must be balanced, it says at Eon.

The energy company wants just like the pharmaceutical company Merck react to the criticism that investors have no opportunities to speak at digital AGMs. In the past year, many events were spurned as “programs with the CEO”. At a minimum, shareholders demand that the CEO’s speech be posted on the Internet well before the AGM in order to coordinate the questions submitted in advance. Bayer and Eon want to implement this, the energy company is also planning “additional elements of shareholder participation” without giving any specific details.

At Merck KGaA, a project team is currently working on the design of the virtual general meeting. The Darmstadt-based company also wants to offer investors a platform this year: “We are planning a greater participation beyond what is required by law,” says Merck. Contributions submitted in advance by investors could be published and possibly also broadcast at the general meeting itself.

More: That will change in 2021 with virtual general meetings

.

Leave a Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.