Abstract:
The cloud is embedded in the operations of large businesses, who will understand the incentives in terms of cost reduction but also need to recognise, accept and mitigate the risks that come with adoption of an approach that brings in more actors and more opportunities for rogue interventions. We address the extent to which the five quoted UK banks, as an interesting sample of UK quoted corporates, inform their shareholders of the benefits and risks of cloud use through the traditional official medium of the annual report. There has been a rise in pressure, whether legal, quasi-legal or perceived best practice, to report significant risks to the business and it would be reasonable to assume that using the cloud might be such a risk. A study of the banks’ lengthy reports, with over 1,600 pages across the five reports for 2017, shows minimal mention of cloud as a risk, but the use of “cyber” as the term for, it seems, internet and computer risks of all kinds. The reports focus on directors overseeing and making themselves aware of risks with much of the language vague with key terms not defined. Standard Chartered, however, seems to take a different and, it is suggested, a more constructive approach than their peers.