Cyber-Risk Oversight

This resource center is a repository for all NACD content, services, and events related to the fast-moving and complex issue of cybersecurity oversight. Here you will find practical guidance, tools, and analyses tailored to the full board, relevant committees, and individual directors.

Videos and Webinars

Dr. Phyllis Schneck (DHS) discusses cyberhygiene as a boardroom investment
Board engagement in cyber risk
Challenges in new technology and cyber risk
Update on emerging threats and D&O insurance concerns

Understanding the Changing Cyber Threat Landscape

2019 cyber threatscape summary report
Retired admiral on why cybersecurity is the chief challenge of our times
The changing economics of cybersecurity
The impact of AI on cybersecurity
How board members could inadvertently become cyber-risk vulnerabilities
Cyber should be a tier-1 business risk
Understanding the evolving cyber insurance market

Developing the Appropriate Board Oversight Structure and Practices

Cyber-risk oversight handbook
Current and emerging practices in cyber-risk oversight
Oversight of cyber risks in a complex regulatory environment
Sample board self-assessment on cybersecurity culture
Board engagement in cyber risk
Board oversight of data privacy program

Assessing the Effectiveness of the Cybersecurity Program

Key questions to consider in assessing cyber-risks
Questions for assessing company’s response capabilities
A baseline diagnostic guide to enhance cyber-risk oversight (FAIR Institute)
Governing digital transformation and emerging technologies
Cybersecurity considerations during M&A phases
Why people are still the weakest link in cybersecurity and data privacy
Making the right investments for cyber resilience
How to build a relationship with the CISO
Why your next CISO should have breach experience
What questions to ask your CISO

Ensuring Effective Management Reporting

What directors should look for in their cybersecurity briefing
Get the right metrics and reports for your board
Questions your board should ask management if you’ve been breached
Board-level cybersecurity metrics
Sample cyber-risk dashboards

Cyber-Risk Oversight Certificate

Earn the CERT Certificate in Cybersecurity Oversight, issued by NACD and Carnegie Mellon University

Understanding Relevant Legal and Compliance Implications

The board's role in data privacy oversight
What boards should know about the GDPR
Keep up with expectations around data privacy