Questions Directors Can Ask to Assess the Board’s “Cyber Literacy”

In brief: Cybersecurity should be considered an enterprise-wide, cross-departmental issue that is integrated into full-board discussions. As directors’ responsibilities around cybersecurity increase, boards should ensure they are providing adequate cyber-risk oversight. Produced in the NACD Director’s Handbook on Cyber-Risk Oversight, these questions provide boards with a template for assessing their cyber literacy.

This resource can help your board

• Determine the company’s most valuable assets and how to protect them.

• Consider investments in cybersecurity and cyber insurance.

• Create lines of accountability/responsibility for cybersecurity.

Most relevant audiences: the full board, general counsel, risk committee members, and audit committee members

1. What do we consider our most valuable assets? How does our IT system interact with those assets? Do we believe we can ever fully protect those assets?

2. Do we think there is adequate protection in place if someone wanted to get at or damage our corporate “crown jewels”? What would it take to feel confident that those assets were protected?

3. Are we investing enough so that our corporate operating and network systems are not easy targets for a determined hacker?