The Importance of Board Member Actions for Cybersecurity Governance and Risk Management

Boards of directors are increasingly responsible for providing guidance and oversight on cybersecurity risk, yet are often unequipped to do so. This critically important mandate introduces novel challenges to what is already a complex governance environment. Drawing on in-depth interviews with board members and executives, we describe four core cybersecurity challenges that boards encounter and provide 10 recommended actions they can take in response. These actions enable boards to optimize their ability to provide meaningful, effective governance to address cybersecurity risk.1 ,2