Boardroom Tools

Assessing the Board’s Cyber-Risk Oversight Effectiveness

By NACD Staff

03/15/2021

Cyber-Risk Oversight Boardroom Tool Director Education

Member-Only Content

For full access, please log in, or explore membership options.

JOIN NACD

 

 

In brief: This tool helps directors outline key questions to pose to their senior management teams to provide effective cyber-risk oversight. The tool then provides a numerical scale for assessing the board’s cyber-risk oversight effectiveness. This brief was written by Thompson Reuters and originally appeared in Cyber-Risk Oversight 2020: Key Principles and Practical Guidance for Corporate Boards.

This resource can help your board to

  • pose questions to management to assess key cyber risks,

  • provide oversight of the corporation’s cyber-risk landscape, and

  • evaluate the board’s understanding of cyber risks facing the organization.

 Most relevant audiences: Risk committee chairs, risk committee members, and CISOs

This tool helps directors identify which questions to ask senior management and outlines a numerical scale for assessing the board’s cyber-risk oversight effectiveness.

Board leaders wishing to incorporate a cybersecurity component into their board’s recurring self-evaluation can use the questions in the table below as a starting point.

Questions Directors Can Ask to Assess the Board’s Cyberliteracy

  1. Can all directors effectively contribute to a robust conversation with management about the current state of the company’s cybersecurity? In which areas does our lack of knowledge/understanding of cyber matters prevent effective oversight?