Questions for the Board to Ask Management about Cybersecurity

In brief: Produced with the NACD Director’s Handbook on Cyber-Risk Oversight, these questions are designed to guide directors as they work to strengthen oversight of their company’s cybersecurity. Questions are focused on the following areas of cybersecurity oversight: situational awareness, strategy and operations, insider threats, supply-chain and third-party risks, incident response, and post-cybersecurity incident review.

This resource can help your board

• Improve cybersecurity-related communications from management.

• Assess the company’s vulnerabilities and strengthen its cybersecurity posture according to leading practices.

• Respond appropriately in the case of a cyber incident.

Most relevant audiences: risk committee members, audit committee members, and chief information security officers